View Single Post
12-11-2008, 08:01 AM
Join Date: Oct 2008
Maybe i can add a timer for my session...
$_SESSION['token_created_time'] = //time of the token created
and check on the request, and update the token value, in about every 20minutes.
But still worried that people visit the page on the 19th minutes, and they will have trouble with the token.
I am still trying to think of a more complex way, maybe store a array of the last few tokens in the session? and they are allow to by pass the security check?
Any comment would be greatly appreciate.
View Public Profile
Send a private message to kokjj87
Find More Posts by kokjj87