FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » sessions causing refreshing not to work
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: sessions causing refreshing not to work [message #178328 is a reply to message #178316] Tue, 05 June 2012 04:46 Go to previous messageGo to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
Senior Member
Peter H. Coffin wrote:

> On Sat, 02 Jun 2012 23:17:03 -0400, Michael Joel wrote:
>> I have page data being sent through a php script that uses sessions to
>> pass along variables. These vars are used to load data.
>>
>> If a user opens a page, everything works fine.
>> If they open another in a new window it works fine.
>> If they tab back over to the original browser window and hit refresh it
>> switches to the last page they opened in the other window.
>>
>> This is because sessions is keeping that last var data in memory so the
>> old page when refreshed reads the new var data and opens new data
>> instead of refreshing the old.
>>
>> How would I go about fixing this so a page doesn't lose it's var data on
>> refresh?
>
> Set session.use_trans_sid, unset session.use_cookie, don't forget to
> grab the session ID out of the $_GET array for every page load. Yes,
> your URLs will be ugly, and it'll be not impossible for someone to end
> up screwing things somehow with URL bookmarking or sharing.

More importantly, it will be a security hole to be exploited:

< https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Manage_Sessi on_ID_as_Any_Other_User_Input>


PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: passing documents through pages
Next Topic: PHP Sessions and XML
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 09 13:03:07 GMT 2024

Total time taken to generate the page: 0.04956 seconds