Re: [Tikiwiki-devel] session ends while editing

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tue, Jul 26, 2005 at 05:06:57PM +0100, Michael Davey wrote:
> Sylvie Greverend wrote:
> >Each time I have a session ending while I am editing, I have the response
> >- use remember me (but I don't like cookies)
> >- change your tiki session lifetime to a highter time.. ok
> >- use another authentication method .... not always possible
> >I am never completly satisfied with that - and you?
> >
> >What about having a hidden field with the user hash in the form of the
> >save/preview buttom?
> >Will it be a security issue?
> 
> What about showing the login screen rather than an error message when 
> the session has ended, and making the login code 'remember' the 
> path_info, url and other important $_REQUEST information, so that after 
> one has logged in, the login screen can cause the appropriate 
> information to be reposted.
> 
> This is what SourceForge does, and it seems to work well.
> 

Sounds good providing that $_REQUEST info cant be modified on a
spoofed page and basically let you do whatever you want.  XSS
etc.

-- 

Damian Parker
Damosoft - TikiWiki Support, Development and Training
http://www.damosoft.co.uk / http://tikihost.net / http://tikiwiki.info
Telephone - 0845 004 3923  IAXtel - 700-168-0333  FWD - 72453
Full Online Support Tracking at - http://support.damosoft.net
*** http://free.tikihost.net - FREE TikiWiki hosting options!! ***

Re: [Tikiwiki-devel] session ends while editing

The Free / Libre / Open Source Web App with the most built-in features

Re: [Tikiwiki-devel] session ends while editing