[WEB SECURITY] Kiosk Vulnerability.

Michael Boman michael.boman at gmail.com
Sun Jul 31 19:27:36 EDT 2005


On 7/28/05, sreenivas kumar <sree_dharma at yahoo.com> wrote:
> Hi,
> 
>         I have come across one of the Web vulnerabilities
> called Kiosk. Though I do not know much about it, I
> can convey my requirement.
>         When a user closes the browser window without logging
> off the application properly, the server-side session
> will remain active.
>         How can I terminate the session immediately after the
> user's browser is closed? How do I track this event
> (pressing the close button of the browser), or is there some
> other way to fix this issue?

You can't really, because of the design of HTTP. What you could do is
to have a hidden "heartbeat" frame that reloads every 10-30 seconds
and keep track on the server side of when the last reload was. Make
sure that the only thing this frame does is tell the server that
it's still alive, and don't make it download a lot. And don't terminate
the session immediately after a missed heartbeat; wait for at least 2
missed heartbeats before you do so.

Best regards
  Michael Boman

-- 
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

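The server-side half of the heartbeat scheme described above, as an added example that is not part of the original thread: the hidden frame's reload hits `heartbeat()`, and a periodic `reap()` pass terminates only sessions that have missed two consecutive heartbeats. The interval, grace period and the injectable clock are assumptions for illustration.

```python
import time
from dataclasses import dataclass

HEARTBEAT_INTERVAL = 20   # seconds between reloads of the hidden frame (10-30 per the post)
MISSED_BEFORE_KILL = 2    # the post's advice: wait for at least 2 missed heartbeats
GRACE = 5                 # assumed slack so network jitter alone never kills a session


@dataclass
class Session:
    user: str
    last_heartbeat: float  # clock reading of the last frame reload


class SessionTracker:
    """Server-side record of when each session's heartbeat frame last reloaded."""

    def __init__(self, interval=HEARTBEAT_INTERVAL, missed=MISSED_BEFORE_KILL,
                 grace=GRACE, clock=time.monotonic):
        self.deadline = interval * missed + grace
        self.clock = clock          # injectable so the reaper can be tested deterministically
        self.sessions = {}          # session id -> Session

    def login(self, session_id: str, user: str) -> None:
        self.sessions[session_id] = Session(user, self.clock())

    def heartbeat(self, session_id: str) -> bool:
        """Handler for the hidden frame's reload. Returns False once the session is gone,
        so the frame can redirect the user to the login page instead of reloading forever."""
        s = self.sessions.get(session_id)
        if s is None:
            return False
        s.last_heartbeat = self.clock()
        return True

    def reap(self) -> list:
        """Run periodically (e.g. every interval). Terminates sessions whose last heartbeat
        is older than `missed` intervals plus the grace period; returns the ids removed."""
        now = self.clock()
        dead = [sid for sid, s in self.sessions.items()
                if now - s.last_heartbeat > self.deadline]
        for sid in dead:
            del self.sessions[sid]   # server-side session state is dropped here
        return dead


if __name__ == "__main__":
    t = SessionTracker(clock=time.monotonic)
    t.login("demo", "alice")
    print("alive:", t.heartbeat("demo"), "reaped now:", t.reap())
```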
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/