What we do with our application, is use a "screensaver". Like the ones used in the os this kicks in after a period of inactivity and blocks all input until the user types in his password. The state (on or off) of the screensaver is stored in the session to prevent page refreshes from removing it. It is probably not completely fool proof since it relies om some client-side javascript / ajax to work, but it will definitely stop the casual nosy customer. Martijn Dashorst build ours, so i am not completely aware of all the details but it should not be that hard to do it yourself.
Maurice On Wed, Mar 5, 2008 at 1:40 AM, Warren <[EMAIL PROTECTED]> wrote: > >Very interesting, i am guessing you have a very short session timeout? > >or otherwise require your users to re-authenticate themselfs after a > >period of inactivity? after all any one could pick up such a devise > >and continue where an authenticated user left. Perhaps you are even > >using somekind of proximity hardware (bluethoot?) that locks the pda > >when a user wanders off to far? > > This was my next thing to tackle. The proximity hardware would be nice, but > there are some issues with it too. I want to do some kind of re-authenticate > after a period of inactivity. I want to require a re-authenticate after say > 5-10 minutes and log them completely off if the session expires. I just need > to implement the re-authenticate part some how. Do you have any suggestions? > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
