Posted by Steve Lefevre on 09/22/05 04:07
Chris Shiflett wrote:
> Steve Lefevre wrote:
>
> In this case, a user's session is stagnant for the duration of their
> trip to the other server. I'm guessing that users are typically only
> there for a brief moment, but this is something to keep in mind. Is
> there a way that some of your users might spend more time than you
> expect at the development site?
That could be, but given how it's just affecting one user on one
particular machine, I'm thinking it's something on the machine, i.e.
browser settings, firewall, etc.
>
>> > Checking Referer is useless, because everyone knows what you
>> > expect it to be.
>>
>> I'm not following you. How would anyone know what it should be?
>> Do you know what it should be?
>
>
> Heh. :-) Sorry about the ambiguity.
>
> What I mean is that people are only likely to know where your
> spell-checking thing is if they use your site. These people, by using
> your site, are going to know what the expected Referer is. Does that
> make more sense?
Ok, I get it. I'm not really worried about users hacking into the
website -- they aren't that computer savvy (trust me), and they just
want to get their job done and stay *off* the website. I think the
security is good enough. And like I said all that's on it is spell
checking anyways.
>
>> That could be, but it consistently affects only one user on her
>> home computer, but not on her work.
>
>
> That's unfortunate. Your best bet might be to log everything you can -
> all HTTP headers for each request, all session activity, etc. If you
> can't reproduce the problem yourself, it's going to be very hard to
> debug (as I'm sure you've noticed).
>
That's no joke ;) !
>
> No problem - I thought you might have just left out something.
> Cross-site scripting is something else.
>
> By the way, you might consider using session_set_save_handler() to
> write your own session handling functions (temporarily), so that you
> can add more logging. I've found this to be helpful when debugging
> extremely sophisticated session problems.
This is very helpful as I will be doing advanced logging in the near
future.
Can you explain what cross-site scripting is, then?
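
The temporary logging handler suggested in the quoted reply, combined with the earlier advice to log HTTP headers and session activity, as an added example that is not part of the original post or either participant's code. It assumes PHP 8; the class name `LoggingSessionHandler`, the `LOG_FILE` path and the record field names are hypothetical.

```php
<?php
// Added example: temporary logging wrapper around PHP's default session handler.
const LOG_FILE = '/tmp/session-debug.log'; // assumed path; keep it outside the web root

final class LoggingSessionHandler extends SessionHandler
{
    private function log(string $event, string $id = '', array $extra = []): void
    {
        $headers = [];
        foreach ($_SERVER as $key => $value) {
            if (strncmp($key, 'HTTP_', 5) === 0) {
                // Cookie and Authorization carry credentials; record presence only.
                $secret = in_array($key, ['HTTP_COOKIE', 'HTTP_AUTHORIZATION'], true);
                $headers[$key] = $secret ? '[redacted]' : $value;
            }
        }
        $record = [
            'time'    => date('c'),
            'event'   => $event,
            // A truncated hash correlates requests without storing a usable session ID.
            'sid'     => $id === '' ? null : substr(hash('sha256', $id), 0, 16),
            'remote'  => $_SERVER['REMOTE_ADDR'] ?? null,
            'uri'     => $_SERVER['REQUEST_URI'] ?? null,
            'headers' => $headers,
        ] + $extra;
        error_log(json_encode($record) . "\n", 3, LOG_FILE);
    }

    public function read(string $id): string|false
    {
        $data = parent::read($id);
        // Zero bytes read for an ID the browser did send is the "lost session" symptom.
        $this->log('read', $id, ['bytes' => $data === false ? -1 : strlen($data)]);
        return $data;
    }

    public function write(string $id, string $data): bool
    {
        $ok = parent::write($id, $data);
        $this->log('write', $id, ['bytes' => strlen($data), 'ok' => $ok]);
        return $ok;
    }

    public function destroy(string $id): bool
    {
        $this->log('destroy', $id);
        return parent::destroy($id);
    }
}
session_set_save_handler(new LoggingSessionHandler(), true);
session_start();
```

Comparing the `sid` and `headers` fields across the affected user's home and work requests shows whether the session cookie is missing, changing between requests, or arriving intact with an empty read.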