
[cgiapp] RE: Spam:cgiapp Digest 25 Aug 2004 18:00:24 -0000 Issue 302


All -

	I'm running into a problem where our app is using one-time
authentication tokens. When you log in, the app gives you a token (in the
form of an MD5 string in a cookie). When you make your next page request,
you pass the token to the app which invalidates the token (in the
database), then processes the request. The app generates a new token to
send along with the request (overwriting the cookie).

	The problem is this - if the request is a long-running one
(like, 3+ seconds), there's a window during which the user can make
another request with an old token, invalidated because it was already
used to make the first long-running request.

	So, one solution we've thought of is to generate the new token
when we invalidate the old one and send the headers (with the new
cookie) before we even begin processing the request. Is this possible to
do with C::A? Would this solve our problem?

Thanks,
Rob 
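
Added example, not part of the original message and not CGI::Application code: a small Python model of the single-use token scheme described above, replaying a slow request followed by a second request inside the window. The names `TokenStore`, `rotate` and `simulate` are hypothetical, the in-memory dict stands in for the database, and the early-cookie case assumes the browser has applied the new cookie before it sends the second request.

```python
import secrets
import threading


class TokenStore:
    """Single-use session tokens; stands in for the database table in the post."""

    def __init__(self):
        self._live = {}                 # token -> user
        self._lock = threading.Lock()   # check + invalidate + issue as one atomic step

    def issue(self, user):
        token = secrets.token_hex(16)   # CSPRNG value, same length as an MD5 hex string
        with self._lock:
            self._live[token] = user
        return token

    def rotate(self, token):
        """Invalidate `token`; return (user, replacement), or None if it was already used."""
        with self._lock:
            user = self._live.pop(token, None)
            if user is None:
                return None
            new = secrets.token_hex(16)
            self._live[new] = user
            return user, new


def simulate(early_cookie):
    """Replay: slow request A starts, request B is sent while A is still running.

    early_cookie=False: the client sees the new cookie only when A's response ends.
    early_cookie=True:  the new cookie reaches the client before A's work begins.
    Returns (A accepted, B accepted).
    """
    store = TokenStore()
    cookie = store.issue("rob")         # constructed sample user; login sets the cookie

    a = store.rotate(cookie)            # A arrives: old token is invalidated on entry
    if early_cookie:
        cookie = a[1]                   # headers carrying the new cookie already sent

    b = store.rotate(cookie)            # B is sent inside the 3+ second window
    if b is not None:
        cookie = b[1]

    if not early_cookie:
        cookie = a[1]                   # A finally responds and overwrites the cookie
    return a is not None, b is not None
```

In this model a request that left the browser before the new cookie arrived is still rejected, because `rotate` accepts each token exactly once.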
  