Geoffrey Talvola wrote:
I think the original reason for loginid was: suppose someone logs in, then leaves their browser open for a while. Their session expires. Now suppose someone else comes up to the browser, uses the Back button to go back to the login screen, and then presses Forward to re-post the username and password. The loginid is supposed to prevent this from working.
Ok. There are other scenarios as well where you want things to happen only one time (for instance, database transactions). I wonder whether Webware could provide some methods to do this transparently so you don't have to invent and code this kind of things again and again.
As long as your newly modified code deletes the loginid as soon as it is used for a login, then it's fine.
Yes. The code still immediately clears the whole session after reading the login id. You can use it only one time.
-- Christoph ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Webware-discuss mailing list Webware-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/webware-discuss
