Re: Security Advisory Update (XSRF issues)



On Thu, Jan 28, 2010 at 09:08:57AM -0800, Chris Travers wrote:
> 3)  When a session times out, the associated forms will be lost.

That doesn't sound so good, I have to say. At present it is merely
annoying when one forgets to post a form (because it is rare and when
it happens it is the user's fault and I learn from my mistakes), but if
one were part-way through completing a form and for the system then not
to allow it to be posted and for that assembled data in the form to be
lost sounds a lot more disruptive to me because there's nothing the user
has done wrong.

Or have I misunderstood?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
