What's the best way of handling security for a website that may be used in a kiosk mode? I'm working on a student grade system that does a one time validation and sets a session variable. Timeout is 15 minutes.
John may log into the system using a lab computer to retrieve his student grades, become confused, wander to yahoo, read his mail, then leave the computer as is. Sue may come in to use the same machine, go to the grade application to get her grades, and still be logged in as John. Is there a good way to avoid this? I'm thinking about mangling the referer variable and zapping the session variables if the referer is not from the application. i.e. <cfif left(CGI.HTTP_REFERER,X) is not "http://www.gradesrus.com/"; ... session.auth=0> That would solve the 'lost' client wandering out of the site. Leaving the site is equivalent to logging out then (more or less). What about a javascript warning when a person is going to leave the application? I'm not a javascript guru, but it seems like an onunload in the body should be able to give a popup alert and hopefully the ability to cancel the outside navigation. Anyone ever try it? Is there a better approach to this? Thanks! Brian ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
