Re: sessions causing refreshing not to work [message #178328 is a reply to message #178316]
Tue, 05 June 2012 04:46
Thomas 'PointedEars'
Peter H. Coffin wrote:
> On Sat, 02 Jun 2012 23:17:03 -0400, Michael Joel wrote:
>> I have page data being sent through a php script that uses sessions to
>> pass along variables. These vars are used to load data.
>>
>> If a user opens a page, everything works fine.
>> If they open another in a new window it works fine.
>> If they tab back over to the original browser window and hit refresh it
>> switches to the last page they opened in the other window.
>>
>> This is because sessions is keeping that last var data in memory so the
>> old page when refreshed reads the new var data and opens new data
>> instead of refreshing the old.
>>
>> How would I go about fixing this so a page doesn't lose its var data on
>> refresh?
>
> Set session.use_trans_sid, unset session.use_cookie, don't forget to
> grab the session ID out of the $_GET array for every page load. Yes,
> your URLs will be ugly, and it'll be not impossible for someone to end
> up screwing things somehow with URL bookmarking or sharing.

More importantly, it will be a security hole to be exploited:

<https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Manage_Session_ID_as_Any_Other_User_Input>

PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
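
Cookie-only session handling in PHP, the opposite of the URL-based setup quoted above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
declare(strict_types=1);

// Weak setup from the quoted suggestion, shown only for contrast:
//   session.use_trans_sid = 1 and cookies off, so the ID travels in every URL
//   and ends up in bookmarks, shared links, Referer headers and server logs.

/**
 * Start a session that only ever takes its ID from a cookie.
 * Returns true if the request also carried a session ID in the URL or body,
 * which the caller can log as a possible fixation attempt.
 * (Hypothetical helper name, not from the thread.)
 */
function start_cookie_only_session(): bool
{
    $name = session_name();              // "PHPSESSID" unless reconfigured

    // The session ID is user input: note and discard any copy outside the cookie.
    $idInRequest = isset($_GET[$name]) || isset($_POST[$name]);
    unset($_GET[$name], $_POST[$name], $_REQUEST[$name]);

    session_start([
        'use_cookies'      => 1,
        'use_only_cookies' => 1,         // never read the ID from the URL
        'use_trans_sid'    => 0,         // never rewrite links to carry the ID
        'use_strict_mode'  => 1,         // reject IDs the server did not issue
        'cookie_httponly'  => 1,
        'cookie_secure'    => 1,         // assumption: the site is HTTPS-only
        'cookie_samesite'  => 'Lax',     // PHP 7.3+
    ]);

    return $idInRequest;
}

// Call after a login or other privilege change so a pre-set ID becomes useless.
// (Hypothetical helper name.)
function rotate_session_id(): void
{
    session_regenerate_id(true);         // true = delete the old session data
}

if (start_cookie_only_session()) {
    error_log('session ID supplied outside the cookie; ignored');
}
```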