PerlMonks
Re: Login and CGI security problem. by chromatic (Archbishop)
on May 12, 2000 at 20:51 UTC ( [id://11318]=note )
Another option is to use a timestamp on the server. For every action the user attempts to take, check the last timestamp for that account. If it's been more than 10 minutes, require re-authorization. Otherwise, update the timestamp to the current time and perform the action.
Sure, there is a window of time where some tricky malicious scripting could redirect the client to do something unintended, but it's minimized somewhat here.
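The server-side timestamp check described in the post above, as an added example that is not part of the original post. The in-memory `%last_seen` store and the function names `mark_authenticated` and `authorize_action` are assumptions made for illustration; the clock value is passed in so the timeline is reproducible.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant IDLE_LIMIT => 10 * 60;    # the post's 10 minutes, in seconds

# Constructed in-memory store: account name => epoch time of last accepted action.
# A real CGI script would keep this in a server-side session table or DBM file.
my %last_seen;

# Record a fresh login (call only after the password check has succeeded).
sub mark_authenticated {
    my ($account, $now) = @_;
    $last_seen{$account} = $now;
}

# Returns 1 if the action may run, 0 if the user must re-authenticate.
sub authorize_action {
    my ($account, $now) = @_;
    my $last = $last_seen{$account};

    # No timestamp, an idle gap over the limit, or a clock that went backwards
    # all fail closed. The stale entry is deleted so that a later request
    # cannot revive the session without a new login.
    if (!defined $last || $now < $last || $now - $last > IDLE_LIMIT) {
        delete $last_seen{$account};
        return 0;
    }

    $last_seen{$account} = $now;    # slide the window forward, then act
    return 1;
}

# Constructed timeline: alice logs in at t=1000; bob never logs in.
mark_authenticated('alice', 1000);
for my $step ([ 'alice', 1300 ], [ 'alice', 1900 ], [ 'alice', 2501 ],
              [ 'alice', 2510 ], [ 'bob', 2510 ]) {
    my ($account, $t) = @$step;
    printf "%-5s t=%d %s\n", $account, $t,
        authorize_action($account, $t) ? 'perform action' : 're-authenticate';
}
```

Because the timestamp lives on the server and is keyed by account, nothing the client sends can extend the window; only an accepted action or a new login moves it.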