Bayt.com

Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

While running a security application, user refreshed the page. The page shows session expired and shows a link for login. Is the application secure?

Application Security
user-image
Question added by Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank
Date Posted: 2013/05/09
Upvote (0) Views (8) Followers (2) Answers (2) Report Question
Write an Answer
Register now or log in to answer.
Anil Yadav
by Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank

Yes it is secure as it is asking you to re enter your credentials

Rameez Ahmed Sayad
by Rameez Ahmed Sayad , .Net Consultant , Proximus Luxembourg

Refreshing a page which performs a postback , it can expire the session again depending on what action you performed , best would be to not allow the same action and inform the user that transaction is completed.

If it is expiring the session for GET requests , I would say it's overdoing security. Reasons being we can't assume that the browser and server will always go hand in hand . So most of the times network latency (delay) or not found people will refresh the page , so a site should expect refreshes.

Write Your Answer
More Questions Like This

Do you need help in adding the right keywords to your CV? Let our CV writing experts help you.

Get Help