| GHengeveld |
|
|---|---|
|
Some applications, for example Magento Commerce, generate a random hash code when the system is installed. This is then used to uniquely identify the site and as a salt for passwords. Maybe Cotonti needs something like that too? I use it in my framework as a replacement for
defined(SED_CODE) or die();since it's not very safe like that (it only prevents direct file access, but not file inclusion because it is easy to guess): defined($cfg['app_code']) or die(); Added 3 hours 42 minutes later: On a side note, I want to report that the Cotonti auth system fails almost always when I try to use it on my mobile (Nokia E63), even though the mobile browser supports cookies (it seems the problem is caused by sessions, not cookies). |
|
| This post was edited by Koradhil (2010-07-03 20:09, 13 years ago) |
| ez |
|
|---|---|
|
I am sorry to say that I probably still have this "losing connection" problem.
I have upgraded to 0.69. I have made the remember me option default on. (nice feature by the way) What went wrong: A user makes a very long story(page) and took a long time to create it... He submits the article. And thats were it went wrong.. the work is lost.. (very angry user by the way) BUT he was not logged out...??? so the remember me option is working i guess. I think the session timed out (or something like that) en therefore the post is not submitted correctly.?? Really strange stuff.... (IS this possible ???) ANYWAY: I do not like my users to be angry, so I will write an autosave plugin plugin. (Is a nice feature I think) I am going to write it so that the users work will be saved every minute (automatically !!!). And I will make a recover function in the pages (add and edit) to get the lost work back (also automatically). Anybody interested in this plugin to ???? greets, EZ ==- I say: Keep it EZ -==
|
| Trustmaster |
|
|---|---|
|
That sometimes happens when browsing the site in another tab after a long time editing an article/post, so that XSS protection code has changed before you submit the form.
It is not the super-ultimate solution, but 0.9 remembers all the input until it is cleaned explicitly (so you can restore the data even after you have been logged out). May the Source be with you!
|
| ez |
|
|---|---|
|
Do I have influence on this XSS code?, so that I can make the time longer?
Basically you are saying that this problem will be solved in Siena.. v0.9, but untill, there is a stable version of Siena, then there is No solution for this. Ok.. My autosave / autorecover plugin is a real option then I figure.. Thnx for the response ==- I say: Keep it EZ -==
|
| Trustmaster |
|
|---|---|
|
This could also be fixed (for many cases but not all) by storing previous protection code for a longer period rather than just 1 request (as it currently does). Unfortunately, any of the known solutions has side effects.
May the Source be with you!
|
