I'm looking for some ideas. Late last year I hardened an older Active4D site that was failing some vulnerability tests. One strategy I used in many forms was to look for cases where unexpected values would be repeatedly submitted into form fields. These typically come from bots or someone using some type of "man in the middle" tool. For example, sending a value for a select menu that isn't one of the provided choices. When a blatant violation occurs the user-agent is kicked out of the form. Maybe not the best idea, but they are passing the tests now.
To do this I had to implement sessions on many forms that previously didn't have them. Some of these forms are long and may require some time to complete. I've had a couple of occasions where users that were entering long proposals "lost their work" because their time to fill out the form exceeds the session timeout. When this first happened I increased the timeout from 10 to 30 minutes thinking that would be sufficient. It happened again to someone in upper management yesterday, so I need to fix this. Basically, I'm looking for some type of client-side solution that will detect user activity and send a message to Active4D to extend the session. If anyone has done this can you share your thoughts (or code). Other ideas? Best, Brad Perkins -- View this message in context: http://www.nabble.com/Available-for-contract-work-tp21611321p21628243.html Sent from the Active4D mailing list archive at Nabble.com. _______________________________________________ Active4D-dev mailing list [email protected] http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
