如何在同一浏览器的不同选项卡中维护会话?
[英]How to maintain session in different tabs of same browser?
问题描述
My website is used to administer customer accounts. 
我的网站用于管理客户帐户。 If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. 如果我通过网站访问CustomerA的帐户,则打开一个新选项卡并访问CustomerB的帐户,持有客户ID的会话将更新,以为我正在使用CustomerB。 Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. 然后,如果我单击返回到CustomerA的选项卡并开始编辑该页面,则实际上是在编辑CustomerB的数据库记录。 This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. 这已经发生并且引起了各种各样的问题,所以我需要找到一种简单的方法来停止它。 I don't want to put the customer ID in the URL as this will make it open to abuse. 我不想将客户ID放在URL中,因为这会使它易于滥用。
1 个解决方案
解决方案1
0 2014-10-19 10:59:34
Session is not a place to hold information like this exactly because of problems you're describing. 正是由于您所描述的问题,会话不是保存此类信息的地方。 You need to pass customer ID along with the page itself (either in hidden field or in url), so when you post back the form, it exactly knows what are you trying to do. 您需要将客户ID与页面本身一起传递(在隐藏字段或url中),因此当您发回表单时,它确切地知道您要做什么。 Session won't protect you nor add any extra security. 会话不会保护您,也不会增加任何额外的安全性。 You need to determine if the user has correct permissions either way, so you should focus on this aspect. 您需要确定用户是否具有正确的权限,因此您应该专注于这方面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.