How to restrict my app to a single browser tab?


Question

Frankly, it's just causing too much hassle in v1.0 to have a functionality which requires three form submissions, with $_SESSION session data holding all of the intermediate stuff - only to have a user start an operation, then open a second tab and perform a second operation which tramples over the session data.

I doubt that this is malicious (but can’t discount it). More likely the user starts an operation, gets interrupted, forgets that they started or can’t find the original tab so starts again (then later finds the original tab and tries to complete the operation a second time).

Since I am coding in PHP I can detect the existence of session data on form submission (how would I do that with JS if the user as much as opens another tab – I guess that I would need Ajax – right?).

So, each time I start an operation I check for a flag in session data and if set I reload to an "I’m sorry, Dave. I’m afraid I can’t do that" page, else I set the flag and continue (remembering to clear it at the end of the operation).

I guess that that would work, but:
1) Is it acceptable to restrict browser apps to a single tab/instance?
2) Should I attempt to allow multiple instances in v2.0?

Any other comments, help or advice?

Recommended answer

A better design would be to avoid storing user interaction state in the session. Put it in hidden form fields or something so that each client request carries its associated state with it. If you're concerned about the user tampering with it, use an HMAC to prevent that, and possibly encrypt it if it contains things the user shouldn't be able to see.

Only state that should be shared between tabs — like the user's login identity, or something like a shopping cart — should be stored in the session.
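
The signed hidden-field design described in the answer above, as an added PHP example that is not part of the original answer. The names `STATE_KEY`, `seal_state`, `open_state` and the `uid`/`exp` fields are assumptions made for illustration, as are the user binding and the expiry.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret loaded from configuration, never sent to the client.
const STATE_KEY = 'replace-with-32-random-bytes-from-config';

/** Serialise per-tab form state and append an HMAC-SHA256 tag. */
function seal_state(array $state, string $userId, int $ttl = 900): string
{
    $payload = base64_encode(json_encode([
        'uid'   => $userId,        // binds the token to one login
        'exp'   => time() + $ttl,  // a forgotten tab stops working after $ttl seconds
        'state' => $state,
    ], JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, STATE_KEY);
}

/** Return the state array, or null if the token was altered, expired or issued to another user. */
function open_state(string $token, string $userId): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    // Verify the tag before decoding anything; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, STATE_KEY), $tag)) {
        return null;
    }
    $data = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($data) || ($data['uid'] ?? null) !== $userId
        || ($data['exp'] ?? 0) < time() || !is_array($data['state'] ?? null)) {
        return null;
    }
    return $data['state'];
}

// Constructed demo: two tabs of the same user, each carrying its own step-1 state.
$tabA = seal_state(['step' => 1, 'account' => 'A-100'], 'user42');
$tabB = seal_state(['step' => 1, 'account' => 'B-200'], 'user42');
printf("<input type=\"hidden\" name=\"state\" value=\"%s\">\n", htmlspecialchars($tabA, ENT_QUOTES));

var_dump(open_state($tabA, 'user42'));                            // tab A's own state
var_dump(open_state($tabB, 'user42'));                            // tab B is unaffected by tab A
var_dump(open_state($tabA, 'someone-else'));                      // token presented by another user
var_dump(open_state(substr_replace($tabA, 'X', 5, 1), 'user42')); // payload edited by the client
```

The payload here is signed but not encrypted, so the user can read it. A valid token can also be resubmitted until it expires, so the final step of an operation still needs its own check against being completed twice.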
