How to maintain session in different tabs of same browser?
Question
My website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. I don't want to put the customer ID in the URL as this will make it open to abuse.
1 answers
solution1
0 2014-10-19 10:59:34
Session is not a place to hold information like this exactly because of problems you're describing. You need to pass customer ID along with the page itself (either in hidden field or in url), so when you post back the form, it exactly knows what are you trying to do. Session won't protect you nor add any extra security. You need to determine if the user has correct permissions either way, so you should focus on this aspect.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.