Re: [Phplib-users] Re: Phplib-users digest, Vol 1 #90 - 1 msg
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Re: Phplib-users digest, Vol 1 #90 - 1 msg
|
From: <fr...@on...> - 2001-12-10 16:14:55
|
On Mon, Dec 10, 2001 at 05:54:58AM -0500, Patrick Haggood wrote: > Is there a better way to log someone out from your pages? I'm having > intermittent security holes popup when someone logs out from my pages > but then hits 'back' a bunch of times. The ACS/OpenACS v4 software (OpenACS.org) solves this problem by generating a one-time hash value with an embedded timestamp that goes into a hidden field in the login page form. Any attempt to login a second time with the same name, password and hash value is refused somehow. I don't know how the system determines that the hash value is being used a second time. -- Fred Yankowski fr...@On... tel: +1.630.879.1312 Principal Consultant www.OntoSys.com fax: +1.630.879.1370 OntoSys, Inc 38W242 Deerpath Rd, Batavia, IL 60510, USA |
