I should have noted I use it to detect refresh, and use session
variables to look for tampering.
I gave some thought into the problem you are list below. My issue is, I
run an interactive session based system. And given that connection
problems or even a person's impatience in thinking things should be
occuring, they hit refresh. I had originally set it to kick them when
they did reload, but it wasn't until I ran into a slow connection on a
test one time that I realized that that wasn't going to work with what I
was doing, since i hit refresh to get some of the images to load and it
dumped me out of the session.
That's where the confirmation script come into play. It asks them if
they want to refresh the page or exit. That way if they were impatient
it would leave them in the system and re-request (without session reset)
the information. Of course it won't work on a non javascript enabled
browser, but then again the site needs javascript to work (no way around
not having it). And if they tried to force a session reset the keys I
set in session won't match and it drops them for tampering with a
warning. :)
On 6/25/2014 4:53 PM, Marcus F wrote:
Yep, that's exactly what I suggested. Set a session variable and act
accordingly.
Since we don't know exactly what you're doing, we can't give much more
detailed advice.
On Wednesday, June 25, 2014 3:39:17 PM UTC-5, Al Holden wrote:
Client-based solutions - like JavaScript - will only work if
security is not important. Folks who wish to bypass client
scripting and make another http request will be able to do so by
manipulating a client device; thus extending a CFML session.
CFML Sessions are designed to be extended whenever another request
is made (no http request - new page, reload page, httpAsync
request, whatever). They are designed to expire only after a
period of inactivity - as in no request at all.
You'll need a separate (session) variable (in a session which
lasts longer than your special test) or cookie, which stores a
datetime from their last request, so only you can update it, and
you can do your own security magic with it. If THAT time has
passed, or the parameter is missing entirely, then force your logout.
Al Holden
On 6/25/2014 1:29 PM, Marcus F wrote:
MiniFireDragons solution should work, assuming JavaScript is
turned on, and that the users aren't deliberately trying to
extend the sessions.
On Wednesday, June 25, 2014 3:02:36 PM UTC-5, MiniFireDragon wrote:
it's javascript, and
window.onbeforeunload = confirmExit;
function confirmExit()
{
if( $j('#fader').css('display') != 'none')return 'Do you
really want to exit?';
}
I used jquery for this of course. What I did is I set a
flag. A semi transparent black background that opens when I
am in a place where i don't want to exit.
On 6/25/2014 1:28 PM, Skellington wrote:
Hello,
Is there a tag or function to detect a page reload? I found
that if someone reloads my main index.cfm their session
which is supposed to be expired is extending the session. If
someone hits reload I would like to log them out.
Thanks,
Charlie
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
<http://groups.google.com/group/openbd?hl=en>
---
You received this message because you are subscribed to the
Google Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
<http://groups.google.com/group/openbd?hl=en>
---
You received this message because you are subscribed to the
Google Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected] <javascript:>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
---
You received this message because you are subscribed to the Google
Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
---
You received this message because you are subscribed to the Google Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
