in reply to Login and CGI security ("open cookie jar") problem.
Another option is to use a timestamp on the server. For every action the user attempts to take, check the last timestamp for that account. If it's been more than 10 minutes, require re-authorization. Otherwise, update the timestamp to the current time and perform the action.
Sure, there is a window of time where some tricky malicious scripting could redirect the client to do something unintended, but it's minimized somewhat here.
In Section: Seekers of Perl Wisdom
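The server-side idle timeout described in the reply above, written out as an added example (not code from the original post or from PerlMonks). It keeps the last-activity timestamp on the server, keyed by an unguessable session id, so the client never supplies the time; the `SessionStore`, `ReauthRequired` and the injectable `clock` parameter are assumptions for illustration, and the 10-minute window is the one the post suggests. Looking up the session id from the cookie is left to the CGI layer.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 10 * 60  # the 10-minute window from the post


class ReauthRequired(Exception):
    """Raised when the session is missing or has been idle too long.

    The caller should drop the session and send the user back to the
    login form rather than performing the requested action."""


class SessionStore:
    """Server-side sessions with a per-account last-activity timestamp.

    `clock` is injectable so the timeout can be exercised without waiting;
    in production leave it as time.time (hypothetical helper, not from the post)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._sessions = {}  # session id -> {"account": ..., "last_activity": ...}

    def login(self, account):
        """Create a fresh session after the user has authenticated.

        The id comes from the OS CSPRNG so it cannot be guessed from the
        account name or the time of login."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"account": account, "last_activity": self.clock()}
        return sid

    def perform(self, sid, action):
        """Run `action(account)` only if the session is live.

        Check the stored timestamp against the server clock; if more than
        idle_timeout has passed, discard the session and demand re-auth.
        Otherwise refresh the timestamp and carry out the action."""
        sess = self._sessions.get(sid)
        if sess is None:
            raise ReauthRequired("unknown or expired session")
        now = self.clock()
        if now - sess["last_activity"] > self.idle_timeout:
            del self._sessions[sid]  # stale session is gone for good
            raise ReauthRequired("idle for more than %d seconds" % self.idle_timeout)
        sess["last_activity"] = now
        return action(sess["account"])

    def is_live(self, sid):
        return sid in self._sessions


def demo():
    """Walk the timeout with a fake clock (constructed sample timeline)."""
    fake_now = [1000.0]
    store = SessionStore(clock=lambda: fake_now[0])
    sid = store.login("alice")

    results = []
    results.append(store.perform(sid, lambda acct: "viewed mail as " + acct))
    fake_now[0] += 599            # still inside the window: allowed, timestamp refreshed
    results.append(store.perform(sid, lambda acct: "changed prefs as " + acct))
    fake_now[0] += 601            # 601 s since the last action: re-auth required
    try:
        store.perform(sid, lambda acct: "deleted mail as " + acct)
        results.append("allowed")
    except ReauthRequired:
        results.append("reauth")
    results.append(store.is_live(sid))  # the stale session has been dropped
    return results


if __name__ == "__main__":
    print(demo())
```

Because every successful action refreshes the timestamp, the window is measured from the last request, not from login; a session that is actively being driven (including by the scripting the reply warns about) stays open, which is why the reply only claims the exposure is minimized, not removed.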