Register and join over 40,000 other developers!
Recent Topics
-
Tekken 7
IsrealJones - Mar 22 2021 07:21 AM
-
The Game You Are Waiting For?
WendellHarper - Dec 06 2020 01:21 PM
-
Quora and Reddit Backlinks
WendellHarper - Dec 06 2020 01:14 PM
-
Delete account
pindo - Jul 23 2020 01:33 AM
-
New to the community
iwinx - Jul 17 2020 12:02 PM
Recent Blog Entries
Recent Status Updates
Popular Tags
- networking
- Managed C++
- stream
- console
- database
- authentication
- Visual Basic 4 / 5 / 6
- session
- Connection
- asp.net
- import
- syntax
- hardware
- html5
- array
- mysql
- java
- php
- c++
- string
- C#
- html
- loop
- timer
- jquery
- ajax
- javascript
- programming
- android
- css
- assembly
- c
- form
- vb.net
- xml
- linked list
- login
- encryption
- pseudocode
- calculator
- sql
- python
- setup
- help
- game
- combobox
- binary
- hello world
- grid
- innerHTML

4 replies to this topic
#1
Posted 16 August 2011 - 04:24 AM
Hi,
In my new contract, I have to create some sort of administration for hospital all in php.
I won't go into too much details, but some person (like doctors) want to stay loggued in this administration all days without having to retype their password.
Of course, nurse (that are closer to patients so a patient could get access to the computer) have to retype their password more often.
The way I was thinking of keeping the session alive is to send an ajax request time to time whem the user is a doctor.
But I didn't find anywhere where I could output the session timeout time, I find a lot of article how to extends the session timeout, but nothing about retreiving it.
So anyone have an idea how to do so... or maybe a other way to extends the session based on the type of user?
Thx
In my new contract, I have to create some sort of administration for hospital all in php.
I won't go into too much details, but some person (like doctors) want to stay loggued in this administration all days without having to retype their password.
Of course, nurse (that are closer to patients so a patient could get access to the computer) have to retype their password more often.
The way I was thinking of keeping the session alive is to send an ajax request time to time whem the user is a doctor.
But I didn't find anywhere where I could output the session timeout time, I find a lot of article how to extends the session timeout, but nothing about retreiving it.
So anyone have an idea how to do so... or maybe a other way to extends the session based on the type of user?
Thx
#2
Posted 16 August 2011 - 04:37 AM
Why not use a cookie to automatically reauthenticate? In that case, the session will still time out, but a doctor reconnecting will be automatically "reconnected", whereas a nurse would not. The only real concern would be if someone else gets on the doctor's computer.
The reality, however, is that the doctors may need to be reminded that enabling unauthorized access to patient records could cost them their license to practice, and are they sure they want to risk that?
The reality, however, is that the doctors may need to be reminded that enabling unauthorized access to patient records could cost them their license to practice, and are they sure they want to risk that?
Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog
My MineCraft server site: http://banishedwings.enjin.com/
#3
Posted 16 August 2011 - 04:45 AM
A simple cookie with some sort of ID that will reconnect the doctor... that seem unsecure.
And yes I told them about the security risk, but they only want to save time... and anyway it can't be as bad as the system they have now.
Anyone who work at the hospital (and I'm saying anyone even the lunch lady), have a advanced tab where they can execute sql code without restriction.
I was almost crying when I saw this...
And yes I told them about the security risk, but they only want to save time... and anyway it can't be as bad as the system they have now.
Anyone who work at the hospital (and I'm saying anyone even the lunch lady), have a advanced tab where they can execute sql code without restriction.
I was almost crying when I saw this...
#4
Posted 16 August 2011 - 06:49 AM
Having an open browser logged in as a doctor is also not secure.
Here's the problem, security and ease-of-use almost always get in each other's way.
Let's start with a different question: who's driving the project? If it's the doctors, then they can have whatever they want. If it's the board of directors who are responsible for keeping the hospital in good standing with the fed, the doctors can jump in a lake. I've dealt with pharmaceutical companies in the past, and I can tell you security is a BIG deal to them. I would not expect it to be different in a hospital. Start with who's neck will be on the line if there's a security breach, and get that person involved.
Here's the problem, security and ease-of-use almost always get in each other's way.
Let's start with a different question: who's driving the project? If it's the doctors, then they can have whatever they want. If it's the board of directors who are responsible for keeping the hospital in good standing with the fed, the doctors can jump in a lake. I've dealt with pharmaceutical companies in the past, and I can tell you security is a BIG deal to them. I would not expect it to be different in a hospital. Start with who's neck will be on the line if there's a security breach, and get that person involved.
Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog
My MineCraft server site: http://banishedwings.enjin.com/
#5
Posted 16 August 2011 - 06:57 AM
Good way of thinking, I like that... I'll try to get a meeting with the director soon
Also tagged with one or more of these keywords: ajax, session
Language Forums →
Other Languages →
ASP, ASP.NET and Coldfusion →
Dynamic controls and asp:button postbackStarted by Tchpowdog, 12 Jun 2016 ![]() |
|
![]() |
||
Language Forums →
HTML, CSS and Javascript →
Redirect after successful data post in AjaxStarted by PuddingEatsPanda, 16 Feb 2016 ![]() |
|
![]() |
||
Language Forums →
HTML, CSS and Javascript →
posting ajax form to multiple urlStarted by mutago, 16 Aug 2015 ![]() |
|
![]() |
||
![]() Call to script via ajax $.post fails unless followed by alert()Started by sayitblue, 11 Jul 2015 ![]() |
|
![]() |
||
Language Forums →
PHP →
Updating chart.js in ajax doesn't render the graph properlyStarted by sachinsharma1507, 03 Jun 2015 ![]() |
|
![]() |
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download