Last post Nov 06, 2013 03:17 AM by smirnov
Nov 05, 2013 09:57 PM|jack2006
The user Jack logs in to the website. The server validates the username and password, generates a random code and saves it in an XML file, then sends the string "validata:true;checkcode:FGHHKKKEYN" to the client. The client saves the value in a cookie.
Within 30 days, when the client requests the private data, the server will validate the value from the client against the one saved in the XML file.
Jack logs in to the website with the IE browser. Then he logs in with the Firefox browser, and the check code is changed, so Jack can't get private data before the cookie expires.
How can I solve it?
Nov 06, 2013 03:17 AM|smirnov
If the problem is that the key is always different, then do not generate it randomly.
Once the key is generated, you can store it in your database and keep it there until it expires (30 days). When the user logs in with FF, you can check if the key exists and assign it to him. This would also help if the user removes cookies in IE.
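
A sketch of the server-side check-code store discussed in this thread, added here as an example and not code from either poster. It takes a different route from reusing one stored key: each login gets its own random code with the 30-day lifetime from the question, so a Firefox login does not overwrite the IE one, and only a hash of each code is kept. The class and method names are hypothetical, and the in-memory dict stands in for the XML file or database.

```python
import hashlib
import secrets
import time

TOKEN_LIFETIME = 30 * 24 * 3600  # 30 days, the lifetime given in the question


class CheckCodeStore:
    """In-memory stand-in for the server-side XML file or database (assumption)."""

    def __init__(self):
        # sha256(check code) -> (username, expiry); the raw code is never stored
        self._records = {}

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue(self, username, now=None):
        """Call after the password check succeeds; returns the cookie value."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)  # unpredictable and unique per login
        self._records[self._digest(code)] = (username, now + TOKEN_LIFETIME)
        return code

    def validate(self, code, now=None):
        """Return the username for a live check code, else None."""
        now = time.time() if now is None else now
        key = self._digest(code)
        record = self._records.get(key)
        if record is None:
            return None
        username, expiry = record
        if now >= expiry:
            del self._records[key]  # drop the expired record
            return None
        return username

    def revoke(self, code):
        """Log out one browser without touching the user's other logins."""
        self._records.pop(self._digest(code), None)

    def revoke_all(self, username):
        """Invalidate every browser, e.g. after a password change."""
        self._records = {d: r for d, r in self._records.items() if r[0] != username}
```

Because the store is keyed by the hash of the code, a leaked copy of the XML file or table does not hand out usable cookie values.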