While running a security application, user refreshed the page. The page shows session expired and shows a link for login. Is the application secure?

Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Next Question:
How I can bypass high security requirements in java 8 to run my application ?
Posted by:
Abdelbasset
12-February-2017

Application Security

Question ajoutée par Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank
Date de publication: 2013/05/09

Apprécier (0) Vues (8) Suiveurs (2) Réponses (2) Report Question

Ajoutez Une Réponse
Inscrivez-vous ou connectez-vous pour répondre.

2 Réponses

par Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank

Yes it is secure as it is asking you to re enter your credentials

Apprécier (0)

Déprécier Réponses () Rapport

par Rameez Ahmed Sayad , .Net Consultant , Proximus Luxembourg

Refreshing a page which performs a postback , it can expire the session again depending on what action you performed , best would be to not allow the same action and inform the user that transaction is completed.

If it is expiring the session for GET requests , I would say it's overdoing security. Reasons being we can't assume that the browser and server will always go hand in hand . So most of the times network latency (delay) or not found people will refresh the page , so a site should expect refreshes.

Apprécier (0)

Déprécier Réponses () Rapport