Whitebeam Template Reference Documentation

Site Map
 
Home
 
Application Guide
Reference
  Installation
  Configuration
  XML Markup
  JavaScript Classes
  ROM
  Templates
  Environment
  Dev Process
  Tools
  External Links
  Example libraries
Community
Contact Whitebeam
To-Do
Download
Credits
Licence
Whitebeam Users
 
 
 

Whitebeam Template Reference Documentation

System Template

session.newID() - Available since version 1.3.5

Allocate a new session ID and move data from old to new ID

See Also

rb.page.session.id()   

Syntax

string = rb.page.session.newID()

Parameters

The 'session.newID' method takes no parameters

Results

The 'session.newID' method returns string:

Type/Value Range/Length Description
string  Return the session ID.

Remarks

The Whitebeam Session Tracking mechanism identifies client sessions and allocates each of those sessions a unique ID. Generally once a sessionID has been allocated it remains for the duration of that session. There are however security reasons where changing the session ID provides an extra level of security. The following example illustrates this case:

  1. Vistors arrives at a site's home page triggering the allocation of a new sessionID by the system.
  2. Having viewed a number of pages the user visits a secure SSL 'login' page
  3. The user logs in and can then view sensitive private data

In this scenario the initial page views take place in plain text and could be snooped by suitable network equipment. This would make available the private sessionID in use by that visitor. Once the visitor logs in all an attacker needs to do is make use of the sessionID to view all information associated with the visitor.

rb.page.session.newID() helps prevent this type of attack by allowing an application to allocate a new sessionID for an existing session. This would happen during the login process. This would mean the old sessionID would never hold authentication data for the user. The newID() method does two things:

  1. Allocates a new random session ID for this visitor
  2. Copies all data stored against the old ID to the new ID
  3. Deletes all data associated with the old ID and invalidates that ID

The method returns the new sessionID for the current session.

Whitebeam release 1.3.36
(loadtime : 184ms)