Revision #13 has been created by le_top on Apr 1, 2015, 11:16:48 PM with the memo:
formatting of "test case"
Changes
Title
unchanged
Checking for "expired" sessions/logins on the client side
Category
unchanged
How-tos
Yii version
unchanged
Tags
unchanged
csrf, login, cookie, UserIdentity, user auth, security, session, allowAutoLogin, Cache-Control
Content
changed
[...]
In the proposed methods, the popups are modal to force the user to reload or close the page.
You should use your own CWebUser subclass as indicated below for full functionality.
I haven't set up a test case to demonstrate the issue, but the following procedure should demonstrate the issue:
- Open a web page in your browser with a form relying on the YII_CSRF_TOKEN for submitting the data.
- Close the browser (with the reopen tabs functionality active).
- Reopen the browser -> your form page should appear.
- Try to submit the form - submission should not work (if your browser did not reload the page).[...]
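The procedure above can be modelled in a few lines. This is an added example, not code from the wiki article or from Yii: it is a simplified model of a cookie-versus-form-field CSRF check, and it assumes the token cookie is a session cookie that the browser discards on exit. The function names and the in-memory cookie jar are hypothetical.

```javascript
const crypto = require('crypto');

const CSRF_NAME = 'YII_CSRF_TOKEN'; // token name taken from the page

// Server: set the token cookie if absent, then embed the same value in the form.
function serveForm(jar) {
  if (!jar.has(CSRF_NAME)) {
    // Assumption: session cookie (no expiry), discarded when the browser exits.
    jar.set(CSRF_NAME, { value: crypto.randomBytes(20).toString('hex'), session: true });
  }
  return { hiddenToken: jar.get(CSRF_NAME).value };
}

// Server: accept the POST only when the cookie and the hidden field match.
function submitForm(jar, page) {
  const cookie = jar.get(CSRF_NAME);
  if (!cookie) return { status: 400, reason: 'token cookie missing' };
  const a = Buffer.from(cookie.value);
  const b = Buffer.from(page.hiddenToken);
  const same = a.length === b.length && crypto.timingSafeEqual(a, b);
  return same ? { status: 200, reason: 'ok' } : { status: 400, reason: 'token mismatch' };
}

// Browser: exit drops session cookies; "reopen tabs" restores the old markup
// unless the page is actually fetched again.
function restartBrowser(jar, openPage, reloaded) {
  for (const [name, c] of [...jar]) if (c.session) jar.delete(name);
  return reloaded ? serveForm(jar) : openPage;
}

// Runs the four steps of the procedure and reports both submissions.
function runScenario(reloaded) {
  const jar = new Map();
  const page = serveForm(jar);                          // step 1: open the form
  const before = submitForm(jar, page);                 // control: works before the restart
  const restored = restartBrowser(jar, page, reloaded); // steps 2-3: close and reopen
  const after = submitForm(jar, restored);              // step 4: submit
  return { before: before.status, after: after.status, reason: after.reason };
}

console.log('restored without reload:', runScenario(false));
console.log('reloaded from server:  ', runScenario(true));
```

The restored page still carries the old hidden token while the cookie it must match is gone, so only a reload, which issues a fresh cookie and form together, makes the submission pass.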