Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

While running a security application, user refreshed the page. The page shows session expired and shows a link for login. Is the application secure?

user-image
Question added by Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank
Date Posted: 2013/05/09
Anil Yadav
by Anil Yadav , Manager - Group Internal Audit , Kotak Mahindra Bank

Yes it is secure as it is asking you to re enter your credentials

Rameez Ahmed Sayad
by Rameez Ahmed Sayad , .Net Consultant , Proximus Luxembourg

Refreshing a page which performs a postback , it can expire the session again depending on what action you performed , best would be to not allow the same action and inform the user that transaction is completed.

If it is expiring the session for GET requests , I would say it's overdoing security. Reasons being we can't assume that the browser and server will always go hand in hand . So most of the times network latency (delay) or not found people will refresh the page , so a site should expect refreshes.

More Questions Like This