How to store information "per browser tab" in ASP.NET MVC? -


in mvc application have 2 pages process. on first page gather information allow identify database record update. on second page gather new values used update record. in order work, need way persists information between 2 pages, including record id.

i though of 2 way , both have problem.

  1. store information in session object.

    this works long user not open second browser window or tab. if there risk he'll apply modifications wrong record. suppose opens tab 1 , complete first step. record id 1 stored in session object. user open tab 2 , complete first step. record id 2 stored in session object overwriting record id 1. user come first tab , complete second step thinking editing record 1, in fact editing record 2.

  2. store information in hidden field on page.

    this solve problem solution 1 has, trivial ill-intentioned user change record id overwrite record.

while typing question though of third solution. hybrid of theses two, i'm not sure it's safe. store random id in hidden field on page , use prefix key use access data in session object. think work. exploited solution 2 could?

any other way securely store data "per tab" instead of "per session"?

considering way 2 may check security server side. if user not have modification rights on specific record server must not save it. otherwise he/she modifying record has modifications rights on , not matter if he/she doing standard ui or hacking under it.


Comments

Post a Comment

Popular posts from this blog

searchKeyword not working in AngularJS filter -

i writing app using angularjs on front end. want search through table word/field; 1 search box everything. according article here: http://hello-angularjs.appspot.com/searchtable can use filter: searchkeyword this. this code, , not working expected. <label>search: <input ng-model="searchkeyword"></label> <table ng-repeat="post in posts | orderby: sort | filter: searchkeyword"> <tr> <td> {{index(post)}} </td> <td> {{post.title}} </td> <td> {{post.author}} </td> <td> {{post.content}} </td> <td> {{post.date | date: "d/m/yyyy"}} </td> </tr> </table> what should do? thank you try this: controller $scope.posts = [ {title:'title one', author:'author one', content: 'content one'}, {title:'title two', author:'author two', content: 'cont...
Read more

sequelize.js - Sequelize: sort by enum cases -

i have model ( article ) field (the name type ) of type enum('source', 'translated') , return 1 article ordered type field. source articles should returned before translated articles. like: article.findone(order: [ { type: [ 'source', 'translated' ] } ]); unfortunately there appears no built-in solution sorting enums. instead have sort by case , couldn't find documentation on how sequelize. what conventional approach here? sorting case hard in sequelize, sort field (the second answer in linked post) should possible: order: sequelize.fn('field', sequelize.col('type'), 'source', 'translated') it's supported mysql far know though
Read more

user interface - how to replace an ongoing process of image capture from another process call over the same ImageLabel in python's GUI TKinter -

i trying use following code create interactive gui changes color-space(hsv, rbg, grayscale etc) on event of button click. display opencv video in tkinter using multiprocessing being new python having problems multiprocessing , attempts on making gui change it's color space on button clicks hangs entire system. on it's implementation highly appreciated. thankyou. below code: import cv2 pil import image,imagetk import tkinter tk import numpy np multiprocessing import process , queue def quit_it(root,process): root.destroy() process.terminate() def black_andwhite(root,process): process.terminate p=process(target=capture_image, args=(5,queue, )) p.start() root.after(0, func=lambda: update_all(root, image_label, queue)) def update_image(image_label, queue): frame = queue.get() = image.fromarray(frame) b = imagetk.photoimage(image=a) image_label.configure(image=b) image_label._image_cache = b root.update() def update_all(root...
Read more