RML wrote:
Well, the problem is that I've divided my users into different groups. And
those groups have various levels of authorities. The problem that occurs is
that, not knowing which browser-tab is using my application, I can't be
sure what permissions to give to the application-user should users use the
same browser (on different tabs).
You mean like two different users in one and the same browser?
Well, first of all, there are plenty web applications, like for example
web mail and Internet banking, that enable you two open two, or more,
tabs or windows. However, you can either limit the number of connections
or check for a user/session ID by adding/using a user/session specific
global var or a property on one of the available objects, like for
example the window or document.
RML
"Benjamin D. Smedberg" <[EMAIL PROTECTED]> schreef in bericht
news:[EMAIL PROTECTED]
Planet Internet Nieuws wrote:
I'm currently writing a .NET application and I run into a problem using
multi-tab browsers (like FireFox). I'm using the unique ASP.NET
session-id to keep track of security issues with a logged-in user. The
session id is one-on-one with his/her security account. However, when
using 2 tabs in FireFox, one session-id is used by both tabs. It
undermines my procedures. How can I deal with this problem? How do I make
each tab-session unique?
It's the same browser, so it uses the same cookies (which presumably
matches up to the ASP.NET session ID). Why do you care which tab the user
is in? Perhaps they wanted to see your website in two tabs at the same
time...
--BDS
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
