|
| How do I prevent a session to work when I copy paste the url? |
| Iniciado por guest, 18,jun. 2015 13:29 - 4 respuestas |
| |
| | | |
|
| |
| Publicado el 18,junio 2015 - 13:29 |
Hello,
I want to prevent my users to copy paste a link and use this session to keep using my application.
Can anyone help me to prevent this?
Best regards,
Kozeta |
| |
| |
| | | |
|
| | |
| |
| Publicado el 18,junio 2015 - 14:14 |
| |
| |
| | | |
|
| | |
| |
| Publicado el 18,junio 2015 - 16:12 |
Hi Kozeta,
For AWP pages I use an encoded parameter that contains all calling parameters plus current date/time.
When a call to a page is submitted I decode the string and extract all parameters.
Then I check the date/time and if it differs more than a few seconds from the current date/time, the page reports a session expired message.
So the call is only valid for one or more seconds, just enough for the call to be made.
This works quite well.
Regards,
Piet |
| |
| |
| | | |
|
| | |
| |
| Publicado el 18,junio 2015 - 16:49 |
| |
| |
| | | |
|
| | |
| |
| Publicado el 18,junio 2015 - 18:22 |
Hi Kozeta,
The following code may save you some time:
Global declarations of page (you can place this code in the template)
clMyKeyGen is cl_KeyGen sCode,sSessionDate is string sCode=PageParameter("session") sParam=clMyKeyGen:BreakKey(sCode) sSessionDate=ExtractString(sParam,1) IF NOT Check_SessionParam(sSessionDate) THEN PageDisplay(PAGE_End,"This session has expired.") RETURN END //regular parameters sParam 2=ExtractString(sParam,2) sParam3=ExtractString(sParam,3) Procedure Check_SessionParam
FUNCTION Check_SessionParam(sSessionDateTime) sNowTime is string duDiff is Duration IF NOT DateTimeValid(sSessionDateTime) THEN RESULT False END sNowTime=SysDateTime() duDiff=DateTimeDifference(sSessionDateTime,sNowTime) RESULT duDiff..Minute<1 //this session is valid for 1 minute, you can make it less e.g. duDiff..Second<5 cl_KeyGen class
cl_KeyGen is a Class END PROCEDURE MakeKey(sCode,bUrlEncode) x is string x=sCode x=Crypt(sCode,"yourcryptstring",cryptFast+compressShortString,encodeBASE64) IF bUrlEncode THEN x=URLEncode(x) x=Replace(x,"=","%3D") END RESULT x PROCEDURE BreakKey(sCode) x is string x=sCode RESULT Uncrypt(x,"yourcryptstring",cryptFast+compressShortString,encodeBASE64) Opening a page: Open_Page(pagename as a quoted string, extra parameters)
e.g. Open_Page("MyPage","&p1=xxx&p2=yyy)
PROCEDURE Open_page(sPage,sExtraParam="") sParam,sUrl is string clMyKeygen is cl_KeyGen sParam=SysDateTime()+TAB+sBRIN+TAB+sPersCode IF sExtraParam<>"" THEN sParam+=TAB+sExtraParam sParam=clMyKeygen:MakeKey(sParam,False) sUrl=StringBuild("NL/%1.AWP?session=%2",sPage,sParam) PageDisplay(sUrl) RETURN
This is for AWP pages.
Have fun, regards,
Piet |
| |
| |
| | | |
|
| | | | |
| | |
|