List: twig-devel
Subject: [twig-devel] kiosks, caches, cookies and forms :-( (Security issue...)
From: eric.w.wedaa () philips ! com
Date: 2002-09-18 20:24:44
Cutting straight to the chase....
PROBLEM:
- User A uses a kiosk to read his/her TWIG mail, does NOT exit the browser.
- User B comes along, and back-arrows the browser (or CNTL-H to get the history file). User B will eventually get to a screen that says "Data Missing: The document resulted from a POST operation and has expired from the cache." User B then hits "reload", and gets into User A's mail account.
DETAILS:
The "expired/reloadable" page is typically the page you get RIGHT AFTER you log in (http://yada.yada.com/twig/index.php3) which NEVER has any of the dynamic stuff added to it (ts=, etc).
Other than closing the browser, does anyone have any ideas?
> > > Ericw
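
The replay described in the message above, as an added example that is not part of the original post and is not TWIG code: a toy browser history and login endpoint showing why reloading the expired POST page logs User B in, and how answering the login POST with a redirect (Post/Redirect/Get) leaves no credentials in history. The inbox URL, the account and the assumption that User A's session has ended (logout or idle timeout) are constructed for illustration.

```python
import secrets

USERS = {"userA": "s3cret"}                 # constructed sample account
LOGIN_URL = "/twig/index.php3"
INBOX_URL = "/twig/index.php3?view=inbox"   # hypothetical post-login URL

class Server:
    def __init__(self, prg):
        self.prg = prg                      # True: answer the login POST with a 303 redirect
        self.sessions = {}                  # session cookie -> user

    def handle(self, method, url, form, cookie):
        """Return (status, body, redirect_location, cookie)."""
        if method == "POST" and url == LOGIN_URL:
            user = form.get("user")
            if user not in USERS or USERS[user] != form.get("pass"):
                return 403, "login failed", None, cookie
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = user
            if self.prg:
                return 303, "", INBOX_URL, cookie
            return 200, f"inbox of {user}", None, cookie
        if method == "GET" and url == INBOX_URL and cookie in self.sessions:
            return 200, f"inbox of {self.sessions[cookie]}", None, cookie
        return 200, "login form", None, cookie

class Browser:
    def __init__(self, server):
        self.server, self.history, self.cookie = server, [], None

    def request(self, method, url, form=None, record=True):
        status, body, location, self.cookie = self.server.handle(
            method, url, form or {}, self.cookie)
        if status == 303:                   # the redirect target replaces the POST in history
            return self.request("GET", location, record=record)
        if record:
            self.history.append((method, url, form or {}))
        return body

    def reload(self, index):
        """Re-send a history entry, as 'reload' does on an expired POST page."""
        method, url, form = self.history[index]
        return self.request(method, url, form, record=False)

def kiosk_replay(prg):
    """User A logs in and leaves; the session ends; User B reloads each history entry."""
    server = Server(prg)
    browser = Browser(server)
    browser.request("POST", LOGIN_URL, {"user": "userA", "pass": "s3cret"})
    server.sessions.clear()                 # assumption: logout or idle timeout
    return [browser.reload(i) for i in range(len(browser.history))]
```

The redirect only keeps the credentials out of the history entry; the session itself still has to end (logout or idle timeout) before the kiosk is safe for the next user.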