
Get session timeout

ajax session

4 replies to this topic

#1 Vaielab

Vaielab

    Programming God

  • Expert Member
  • 1382 posts
  • Location:Quebec City
  • Programming Language:Java, C++, C#, PHP, JavaScript, Visual Basic .NET, Transact-SQL, ActionScript

Posted 16 August 2011 - 04:24 AM

Hi,

In my new contract, I have to create some sort of administration for a hospital, all in PHP.
I won't go into too much detail, but some people (like doctors) want to stay logged in to this administration all day without having to retype their password.
Of course, nurses (who are closer to patients, so a patient could get access to the computer) have to retype their password more often.

The way I was thinking of keeping the session alive is to send an AJAX request from time to time when the user is a doctor.
But I didn't find anywhere where I could output the session timeout time. I found a lot of articles on how to extend the session timeout, but nothing about retrieving it.

So does anyone have an idea how to do so... or maybe another way to extend the session based on the type of user?
Thx
  • 0
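
An added example, not part of the original thread: one way to get a role-dependent timeout in PHP is to enforce it in the application and report the remaining time to the AJAX client. The role names, limits, session keys and the `poll` parameter are assumptions; `session.gc_maxlifetime` is PHP's own setting and can be read with `ini_get`.

```php
<?php
// Added example: per-role idle timeout enforced server-side.
// Role names and limits are assumptions, not values from the thread.
const IDLE_LIMITS = ['doctor' => 8 * 3600, 'nurse' => 5 * 60];
const ABSOLUTE_LIMIT = 12 * 3600; // hard cap since login, whatever the role

/** Seconds left before the session must end; 0 means expired. */
function seconds_remaining(array $s, int $now): int
{
    if (!isset($s['role'], $s['login_at'], $s['last_seen'])) {
        return 0;                              // not authenticated
    }
    $idleLimit = IDLE_LIMITS[$s['role']] ?? 0; // unknown role: no session
    $idleLeft  = $s['last_seen'] + $idleLimit - $now;
    $absLeft   = $s['login_at'] + ABSOLUTE_LIMIT - $now;
    return max(0, min($idleLeft, $absLeft));
}

// PHP's own session lifetime. It must be at least the longest idle limit,
// otherwise garbage collection can delete the session data first.
$gcLifetime = (int) ini_get('session.gc_maxlifetime');
if ($gcLifetime < max(IDLE_LIMITS)) {
    ini_set('session.gc_maxlifetime', (string) max(IDLE_LIMITS));
}

session_start();
header('Content-Type: application/json');
$now  = time();
$left = seconds_remaining($_SESSION, $now);

if ($left === 0) {
    $_SESSION = [];
    session_destroy();
    http_response_code(401);
    exit(json_encode(['expired' => true]));
}

// Only real user activity resets the idle clock. A background poll that
// just asks for the remaining time sends ?poll=1 (hypothetical parameter)
// and does not extend the session.
if (!isset($_GET['poll'])) {
    $_SESSION['last_seen'] = $now;
    $left = seconds_remaining($_SESSION, $now);
}

echo json_encode(['expired' => false, 'seconds_remaining' => $left]);
```

The login code is assumed to set `$_SESSION['role']`, `$_SESSION['login_at']` and `$_SESSION['last_seen']` after calling `session_regenerate_id(true)`.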

#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 16 August 2011 - 04:37 AM

Why not use a cookie to automatically reauthenticate? In that case, the session will still time out, but a doctor reconnecting will be automatically "reconnected", whereas a nurse would not. The only real concern would be if someone else gets on the doctor's computer.

The reality, however, is that the doctors may need to be reminded that enabling unauthorized access to patient records could cost them their license to practice, and are they sure they want to risk that?
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 Vaielab


Posted 16 August 2011 - 04:45 AM

A simple cookie with some sort of ID that will reconnect the doctor... that seems insecure.

And yes, I told them about the security risk, but they only want to save time... and anyway it can't be as bad as the system they have now.
Anyone who works at the hospital (and I'm saying anyone, even the lunch lady) has an advanced tab where they can execute SQL code without restriction.
I was almost crying when I saw this...
  • 0

#4 WingedPanther73


Posted 16 August 2011 - 06:49 AM

Having an open browser logged in as a doctor is also not secure.

Here's the problem: security and ease-of-use almost always get in each other's way.

Let's start with a different question: who's driving the project? If it's the doctors, then they can have whatever they want. If it's the board of directors who are responsible for keeping the hospital in good standing with the fed, the doctors can jump in a lake. I've dealt with pharmaceutical companies in the past, and I can tell you security is a BIG deal to them. I would not expect it to be different in a hospital. Start with whose neck will be on the line if there's a security breach, and get that person involved.
  • 0



#5 Vaielab


Posted 16 August 2011 - 06:57 AM

Good way of thinking, I like that... I'll try to get a meeting with the director soon
  • 0
