All -
I'm running into a problem where our app is using one-time
authentication tokens. When you log in, the app gives you a token (in the
form of an MD5 string in a cookie). When you make your next page request,
you pass the token to the app which invalidates the token (in the
database), then processes the request. The app generates a new token to
send along with the request (overwriting the cookie).
The problem is this - if the request is a long-running one
(like, 3+ seconds), there's a window during which the user can make
another request with an old token, invalidated because it was already
used to make the first long-running request.
So, one solution we've thought of is to generate the new token
when we invalidate the old one and send the headers (with the new
cookie) before we even begin processing the request. Is this possible to
do with C::A? Would this solve our problem?
Thanks,
Rob
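
Added example (not part of the original message, and not CGI::Application code): a small Python model of the two orderings described above, showing which requests the token check accepts when a second request arrives during a slow first one. TokenStore, Browser and slow_request are hypothetical names, the token is a random 32-hex-character value standing in for the MD5-format string, and the model assumes the browser stores a new cookie as soon as response headers arrive.

```python
import secrets

class TokenStore:
    """Stand-in for the database table of valid one-time tokens (hypothetical)."""
    def __init__(self):
        self.valid = set()

    def issue(self):
        token = secrets.token_hex(16)   # same shape as an MD5 hex string
        self.valid.add(token)
        return token

    def rotate(self, old):
        """Spend `old` and issue its successor; None if `old` was already spent.
        In a real database the check and the delete must be one atomic step."""
        if old not in self.valid:
            return None
        self.valid.discard(old)
        return self.issue()

class Browser:
    """Holds the cookie; it changes only when response headers arrive."""
    def __init__(self, token):
        self.cookie = token

def slow_request(store, browser, headers_first):
    """Model one long request with a second request sent while it is running.
    Returns (first_accepted, second_accepted)."""
    new = store.rotate(browser.cookie)
    if new is None:
        return (False, False)
    if headers_first:
        browser.cookie = new            # Set-Cookie flushed before the slow work
    # slow work in progress: the user clicks again with whatever cookie is held
    second = store.rotate(browser.cookie)
    if second is not None:
        browser.cookie = second
    # slow work finished: first response completes
    if not headers_first:
        browser.cookie = new            # cookie only arrives with the finished page
    return (True, second is not None)

if __name__ == "__main__":
    for headers_first in (False, True):
        store = TokenStore()
        browser = Browser(store.issue())
        print(headers_first, slow_request(store, browser, headers_first))
```

Sending the cookie first shrinks the window to the time it takes the headers to reach the browser; two requests sent before those headers arrive still present the same token.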