Re: [phplib] FORM data get lost at user timeout... From: Arno A. Karner (karner <email protected>)
Date: 10/18/00

Jeroen Laarhoven wrote:
>
> Since after a time out you should not accept posted data (probably not the
> same user, because you choose to time out him/her) you should not accept the
> posted data before he is logged in again.
>
> A possible solution might be store all posted data when the login form is
> called as e.g. hidden fields and then accept them after login is oke.
>
> But ... by design ... if one is timed out ... dumping his 'old' input might
> feel better.
>
> You might think about simply increasing the time out time (for this form
> only?).
>
> Greetings
> Jeroen.
>
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> Jeroen Laarhoven, Zwolle, Netherlands
> email: jeroen <email protected>
> www: http://jeroen.polder.net
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>
> ----- Original Message -----
> From: "Arno A. Karner" <karner <email protected>>
> To: <phplib <email protected>>
> Sent: Wednesday, October 18, 2000 12:31 AM
> Subject: Re: [phplib] FORM data get lost at user timeout...
>
> > i would also like to see a clean auth login form that didnt destroy post
> > or get data from the user if they are sucsesful in loging in
> >
> > but as i was flamed once for saying that phplib modifis post data i
> > waited for some one else to start this conversation again
> >
> > ps $sess->reimport_post_vars()
> > must have some code in it that modifies post data but i dont know if
> > its intent was to solve this problem or not but im interested in any
> > solution sombody comes up with, my project will require it b 4 im
> > finished because of the reason u state here ie: USERS
> >
> > Marko Kaening wrote:
> > >
> > > Hi,
> > >
the solution that i thought of 4 this but havent had chance to try is
when you do the login you already have a session var save post data as
loginpost, get vars as loginget, then in page open test for isregistered
loginpost, loginget if the exist copy them back to HTTP_POST_VARS, and
HTTP_GET_VARS, and unregister them. because when u make it to a certen
point in page open you know your authenticated so restoring the vars is
a good thing.

myself on linux i can have long timeouts cause my screen saver locks the
x console, my clients run winblows and have no such feature so extenting
the the time out is more of a security issue. extenting the auth timeout
also makes it easier to hijack sessions now you have more time to hack.

any thoughts on if this idea will fly or any problems i might run into
tring to do this?

> > > I have an input page with a lot of text edit fields and stuff like that.
> > > If the user forgets press the update button from time to time he
> overruns
> > > phplib's timeout (say 15 mins) the login form appears... So far so good,
> > > but unfortunately all the input which was made by the user is lost... Is
> > > there a way to retrieve the data which were inputted? It looks like it's
> > > impossible, since it depends on the browser where data are stored and
> > > since the caching should be switched off with phplib it looks like the
> > > only way is to make the timeout longer... Or, am I wrong?
> > >
> > > Any suggestions?
> > >
> > > Marko
> > >
> > > --
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> > > For additional commands, e-mail: phplib-help <email protected>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> > For additional commands, e-mail: phplib-help <email protected>
> >
> >
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>