
List:       twig-devel
Subject:    [twig-devel] kiosks, caches, cookies and forms :-(  (Security issue...)
From:       eric.w.wedaa () philips ! com
Date:       2002-09-18 20:24:44

Cutting straight to the chase....

PROBLEM:
      - User A uses a kiosk to read his/her TWIG mail, does NOT exit the browser.
      - User B comes along, and back-arrows the browser (or CNTL-H to get the history file). User B
        will eventually get to a screen that says "Data Missing: The document resulted from a POST operation and has expired from the cache." User B then hits "reload", and gets into User A's mail account.

DETAILS:
      The "expired/reloadable" page is typically the page you get RIGHT AFTER you log in (http://yada.yada.com/twig/index.php3) which NEVER has any of the dynamic stuff added to it (ts=, etc).

Other than closing the browser, does anyone have any ideas?

> > > Ericw
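
Added example, not part of the original message and not TWIG's code: a Python model of the replayed login POST described above, in which the login handler ties each login form to a single-use nonce and answers a successful login with a redirect, so reloading the expired page resubmits a form that is no longer accepted. The class, function and account names are hypothetical, and the sample account is constructed.

```python
import hmac
import secrets

# Constructed sample account; a real deployment would check a password hash.
USERS = {"usera": "correct horse"}


class LoginGate:
    """Hypothetical login handler that accepts each login form only once."""

    def __init__(self):
        self.pending = set()   # nonces issued with a login form, not yet used
        self.sessions = {}     # session id -> username

    def render_form(self):
        """GET of the login page: issue a nonce to embed as a hidden field."""
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        return nonce

    def post_login(self, user, password, nonce):
        """POST of the login form. Returns (status, headers)."""
        no_store = {"Cache-Control": "no-store"}
        # Consume the nonce before anything else, so an identical POST
        # resubmitted from browser history is refused.
        if nonce not in self.pending:
            return 403, no_store
        self.pending.discard(nonce)
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return 401, no_store
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        # Post/Redirect/Get: the page the user lands on is the result of a
        # GET, so the history entry after login is not the credential POST.
        return 303, {**no_store, "Location": "/index",
                     "Set-Cookie": f"sid={sid}; HttpOnly"}


def replay_demo():
    gate = LoginGate()
    nonce = gate.render_form()
    form = ("usera", "correct horse", nonce)   # body the browser remembers
    first, _ = gate.post_login(*form)          # User A logs in
    second, _ = gate.post_login(*form)         # User B reloads the same POST
    return first, second, len(gate.sessions)
```

This covers only the resubmitted login form. A session cookie that is still valid in the open browser has to be handled separately, by logout and an idle timeout on the server.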

