Two reasons for the warning
1- I did it by accident once, refreshing too many times in a row. So if the person was innocently trying to get it to work, they now know why they were kicked.

2- I figure the warning would keep the pests away, because when they would get to the stage in the software where it looks for hacking, they are also using someone else's time, and both people see the warning, so they can choose to work with the person in the future or not.


On 6/25/2014 5:15 PM, 'Alan Holden' via Open BlueDragon wrote:
Nice.
If these folks would be so advanced as to tamper with the keys - then I would not warn them with any specifics as to WHY you're dropping them.
Al

On 6/25/2014 2:10 PM, Ernest McCloskey wrote:
I should have noted I use it to detect refresh, and use session variables to look for tampering.

I gave some thought to the problem you list below. My issue is, I run an interactive session-based system. And given that connection problems or even a person's impatience in thinking things should be occurring, they hit refresh. I had originally set it to kick them when they did reload, but it wasn't until I ran into a slow connection on a test one time that I realized that that wasn't going to work with what I was doing, since I hit refresh to get some of the images to load and it dumped me out of the session.

That's where the confirmation script comes into play. It asks them if they want to refresh the page or exit. That way if they were impatient it would leave them in the system and re-request (without session reset) the information. Of course it won't work on a non-JavaScript-enabled browser, but then again the site needs JavaScript to work (no way around not having it). And if they tried to force a session reset, the keys I set in session won't match and it drops them for tampering with a warning. :)





On 6/25/2014 4:53 PM, Marcus F wrote:
Yep, that's exactly what I suggested. Set a session variable and act accordingly.

Since we don't know exactly what you're doing, we can't give much more detailed advice.

On Wednesday, June 25, 2014 3:39:17 PM UTC-5, Al Holden wrote:

    Client-based solutions - like JavaScript - will only work if
    security is not important. Folks who wish to bypass client
    scripting and make another http request will be able to do so by
    manipulating a client device; thus extending a CFML session.

    CFML Sessions are designed to be extended whenever another
    request is made (no http request - new page, reload page,
    httpAsync request, whatever). They are designed to expire only
    after a period of inactivity - as in no request at all.

    You'll need a separate (session) variable (in a session which
    lasts longer than your special test) or cookie, which stores a
    datetime from their last request, so only you can update it, and
    you can do your own security magic with it. If THAT time has
    passed, or the parameter is missing entirely, then force your
    logout.

    Al Holden


    On 6/25/2014 1:29 PM, Marcus F wrote:
    MiniFireDragons solution should work, assuming JavaScript is
    turned on, and that the users aren't deliberately trying to
    extend the sessions.

    On Wednesday, June 25, 2014 3:02:36 PM UTC-5, MiniFireDragon
    wrote:

        it's javascript, and

        window.onbeforeunload = confirmExit;

        function confirmExit()
        {
            if( $j('#fader').css('display') != 'none')return 'Do you really want to exit?';
        }

        I used jQuery for this of course.  What I did is I set a
        flag. A semi-transparent black background that opens when I
        am in a place where I don't want to exit.

        On 6/25/2014 1:28 PM, Skellington wrote:
        Hello,
        Is there a tag or function to detect a page reload? I
        found that if someone reloads my main index.cfm their
        session which is supposed to be expired is extending the
        session. If someone hits reload I would like to log them out.

        Thanks,
        Charlie
-- -- online documentation: http://openbd.org/manual/
        http://groups.google.com/group/openbd?hl=en
        <http://groups.google.com/group/openbd?hl=en>

        ---
        You received this message because you are subscribed to
        the Google Groups "Open BlueDragon" group.
        To unsubscribe from this group and stop receiving emails
        from it, send an email to [email protected].
        For more options, visit https://groups.google.com/d/optout
        <https://groups.google.com/d/optout>.
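
Al Holden's suggestion in the thread above (a last-request stamp that only the server writes, checked on every request, with a missing stamp treated as expired), as an added example that is not code from any of the posters. The names `session.userId`, `session.lastRequestAt`, `/login.cfm`, `/logout.cfm` and the 15-minute limit are assumptions, as is a `login.cfm` that sets both session keys on a successful login.

```cfml
<!--- Application.cfc (added example; names and paths are assumptions) --->
<cfcomponent output="false">
    <cfset this.name = "idleTimeoutDemo">
    <cfset this.sessionManagement = true>
    <!--- Engine session outlives the idle limit, so the stamp is still there to inspect --->
    <cfset this.sessionTimeout = createTimeSpan(0, 2, 0, 0)>
    <cfset variables.idleLimitSeconds = 900>
    <cfset variables.publicPages = "/login.cfm,/logout.cfm">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var expired = false>

        <!--- Login and logout must stay reachable without a stamp --->
        <cfif listFindNoCase(variables.publicPages, arguments.targetPage)>
            <cfreturn true>
        </cfif>

        <cflock scope="session" type="exclusive" timeout="5">
            <cfif NOT structKeyExists(session, "lastRequestAt")>
                <!--- Stamp missing: not logged in, or the session was reset --->
                <cfset expired = true>
            <cfelseif dateDiff("s", session.lastRequestAt, now()) GT variables.idleLimitSeconds>
                <!--- This request (a reload included) arrived after the limit --->
                <cfset expired = true>
            </cfif>

            <cfif expired>
                <!--- Drop the login state; login.cfm sets both keys again on success --->
                <cfset structDelete(session, "userId")>
                <cfset structDelete(session, "lastRequestAt")>
            <cfelse>
                <!--- Only server code writes the stamp; the browser never supplies it --->
                <cfset session.lastRequestAt = now()>
            </cfif>
        </cflock>

        <cfif expired>
            <cflocation url="/login.cfm?reason=expired" addtoken="false">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the comparison happens before the stamp is refreshed, a reload that arrives after the limit ends the login instead of extending it, whether or not JavaScript ran in the browser.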
