You could put some hidden input fields on the important web pages to help do
sanity checks when the request is processed in the server. In your example,
you could put the primary key, customer name, and so on, as hidden input
fields, and then compare these values with what you were expecting before
you proceed to do the update.

-----Original Message-----
From: Marc Krisjanous [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 30, 2000 3:28 PM
To: [EMAIL PROTECTED]
Subject: protection against multiple child browsers


Hi all,
I have an interesting question! Based on the scenario below what solutions
could be provided?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The disaster scenario might take the form of an account manager opening up a
customer's profile, ready to make a slight change in it.  The manager
remembers that another customer has similar values and proceeds to open up
another, and simultaneous, browser window.  This second window inherits the
first's cookie and hence client state.  As far as the server is concerned,
the singular browser instance just switched to a new customer profile.  The
manager views the second customer's information and then switches to the
first browser window, makes some changes, and then submits them to the
server.  If the client state contained the primary key to the customer, the
server might update the second customer's record with the first customer's
data.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Best Regards

Marc

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
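
An added example, not part of the original messages: the hidden-field sanity check suggested in the reply, taken one step further so that the expected primary key is recorded per rendered form instead of once per session, which lets both windows in the scenario submit safely. The class name, the field names formToken and customerId, and the maps standing in for HttpSession and the customer table are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class FormBindingDemo {
    // Stand-in for HttpSession state: form token -> primary key the form was rendered for.
    static final Map<String, Integer> issuedForms = new HashMap<>();
    static final Map<Integer, String> customers = new HashMap<>(); // constructed sample table
    static final SecureRandom rng = new SecureRandom();

    // Called when an edit page is rendered; returns the hidden fields to embed in it.
    static Map<String, String> renderEditForm(int customerId) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issuedForms.put(token, customerId);            // what the server expects back
        Map<String, String> hidden = new HashMap<>();
        hidden.put("formToken", token);
        hidden.put("customerId", String.valueOf(customerId));
        return hidden;
    }

    // Called on submit; updates only if the hidden key matches what this form was issued for.
    static boolean handleUpdate(Map<String, String> params, String newName) {
        Integer expected = issuedForms.remove(params.get("formToken")); // single use
        if (expected == null) return false;            // unknown, reused or missing token
        int submitted;
        try {
            submitted = Integer.parseInt(params.get("customerId"));
        } catch (NumberFormatException e) {
            return false;                              // missing or malformed key
        }
        if (expected != submitted) return false;       // key differs from the one issued
        customers.put(expected, newName);              // write uses the server-side key
        return true;
    }

    public static void main(String[] args) {
        customers.put(1, "Acme Ltd");
        customers.put(2, "Bolt Inc");
        Map<String, String> windowA = renderEditForm(1);
        Map<String, String> windowB = renderEditForm(2); // second window, same session
        System.out.println(handleUpdate(windowA, "Acme Limited")); // submitted after B opened
        windowB.put("customerId", "1");                  // hidden field altered client-side
        System.out.println(handleUpdate(windowB, "Overwrite attempt"));
        System.out.println(customers);
    }
}
```

Hidden fields are under the client's control, so the value is only compared against server-side state and never used on its own to pick the record; the check that the user may edit that customer at all still has to be made separately.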
