Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Re: Re: Secure Session Management

by dws (Chancellor)
on Sep 06, 2002 at 19:55 UTC ( #195762=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Secure Session Management
in thread Secure Session Management

Also, how does the server 'tell the client'? I know there is such a thing as 'server push', but I didn't think this had ever made much of an impact.

The server "tells" the client (to delete the session cookie) in response to a request from the client. In the timeout case, the server can also refuse to handle the request.

Push isn't needed. If a web application really, really needs to know on a minute-by-minute basis whether the server thinks the client is logged in, use a hidden frame that refreshes on a periodic basis, and expire the session cookie on refresh. You can also include a javascript snippet to communicate "I've been logged out" to some non-hidden frame element.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://195762]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (4)
As of 2020-01-18 12:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?