[geeklog-devel] Prototype fix for expiring security tokens
Dirk Haun
dirk at haun-online.de
Wed Dec 30 05:05:26 EST 2009
>Feedback welcome.
Anyone?
The code is now in our Mercurial repository. I've managed to make things
fully transparent, including file uploads. As an added bonus, using the
browser's back button will now also work with forms that have an
embedded token - you will simply be asked to authenticate when you go
back and send the form again.
Pretty much the only requirement is that you use SEC_checkToken()
correctly, i.e. really only call it when you need to check for a token.
See <http://wiki.geeklog.net/index.php/Re-
Authentication_for_expired_Tokens> for more information.
bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
More information about the geeklog-devel
mailing list