Hi all,
I just started using webware and am wondering what the importance of the
loginid hidden variable in the SecurePage example.
In the LoginPage, a loginid is created and embedded:
# Create a "unique" login id and put it in the form as well as in the session.
# Login will only be allowed if they match.
loginid = uniqueId(self)
self.session().setValue('loginid', loginid)
...
self.writeln('<input type="hidden" name="loginid" value="%s">' % loginid)
The hidden loginid later gets checked against the loginid in the session, with
authentication failing if they do not match. Could someone enlighten me as to
why anyone would need do this and what it protects against?
Thanks,
--
Bryan Mongeau
eEvolved Inc. - IT Consulting & Custom Software
http://eevolved.com/
--
"Anyone who has never made a mistake has never tried anything new."-- Einstein
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
