Reply to losing session data with cross-site scripting

Your name:

Reply:


Posted by Steve Lefevre on 09/21/05 06:32

Hey folks -

I have a php site on a production server. The production server doesn't
have the spell libraries, and rather than migrate the site, we setup
spell checking functions on the development site, and shuttled the users
back and forth with specially crafted get links and forms.

The POST form or GET link on the production site contains the string to
be spellchecked. Once the user is at the development site, the string is
spellcheck, and corrected if necessary. The development site checks the
http referrer to make sure it's not just anybody, and the only thing it
does is spell checking, anyway.

After the spell checking is done, we then create links that bring the
user back to the development site. On the development site, I have an
include at the beginning of each page that checks for a session, and
either takes them to the proper page, or throws an error if they are not
on the login page and have no session.


Most of the time, no problem. When a user is returning from the
production site, their session is still set when they load the page on
the production server, and they get the appropriate page. However, for a
few users, they are somehow losing session data, and they get the error
when they try to return from the development server.

What is happening? Is is some kind of security setting on the browser?
These are remote users and I can't go and inspect their computers. I
will have to communicate by email or phone with them.

Steve Lfevre

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация