Utilities for exploit mitigation.
A utility class for providing client support for exploit mitigation (requires corresponding server-side support).
Array of tickets included with the Web page. Tickets should be included for server-side requests requiring the presence of a ticket.
array = Hemi.web.security.PageTickets
Adds a new page ticket to the PageTickets array. Page tickets are used to reduce CSRF exploit potential. A page ticket is a GUID stored with the session, optionally for a specific server resource, which may be required to complete an action. Refer to the Hemi/Components/component.session.xml component, the Account Manager 4 project, and the Core Web project for a reference implementation.
void AddPageTicket( sId, sUri )
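The page-ticket scheme described above, sketched as an added example (not Hemi, Account Manager 4 or Core Web code): a server-side store issues GUID tickets bound to a session and optionally to one URI, and a client-side helper picks which ticket to send with a request. `TicketStore`, `pickTicket`, `demo`, the session ids and the URIs are all hypothetical.

```javascript
// Added illustration of the page-ticket (anti-CSRF token) idea; not Hemi source.
// Every name below (TicketStore, pickTicket, demo) is hypothetical.
const rng = typeof require === "function" ? require("crypto") : globalThis.crypto;

// Server side: a ticket is a GUID stored with the session, optionally scoped to one URI.
class TicketStore {
  constructor() { this.bySession = new Map(); } // sessionId -> Map(ticketId -> uri or null)

  issue(sessionId, uri = null) {
    const id = rng.randomUUID();
    if (!this.bySession.has(sessionId)) this.bySession.set(sessionId, new Map());
    this.bySession.get(sessionId).set(id, uri);
    return { id, uri };
  }

  // A request passes only if the ticket belongs to this session and,
  // when the ticket is scoped, the requested URI matches that scope.
  verify(sessionId, ticketId, requestUri) {
    const tickets = this.bySession.get(sessionId);
    if (!tickets || typeof ticketId !== "string" || !tickets.has(ticketId)) return false;
    const scope = tickets.get(ticketId);
    return scope === null || scope === requestUri;
  }
}

// Client side: the page carries an array of tickets; prefer the one scoped
// to the requested URI, otherwise fall back to an unscoped ticket.
function pickTicket(pageTickets, requestUri) {
  const scoped = pageTickets.find(t => t.uri === requestUri);
  const general = pageTickets.find(t => t.uri === null);
  return (scoped || general || { id: null }).id;
}

// Constructed scenario: one session holding a general and a scoped ticket.
function demo() {
  const store = new TicketStore();
  const pageTickets = [store.issue("sess-A"), store.issue("sess-A", "/account/delete")];
  const sent = pickTicket(pageTickets, "/account/delete");
  return {
    sameSessionScoped: store.verify("sess-A", sent, "/account/delete"),
    wrongResource: store.verify("sess-A", sent, "/account/email"),
    otherSession: store.verify("sess-B", sent, "/account/delete"),
    missingTicket: store.verify("sess-A", undefined, "/account/delete"),
    general: store.verify("sess-A", pickTicket(pageTickets, "/account/email"), "/account/email"),
  };
}
```

The `missingTicket` case corresponds to a request that arrives with the session cookie but without a ticket from the page, which is the request shape a page ticket is meant to reject.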
Returns any session object added to the registry. Hemi includes the Session component for use with Account Manager 4. This can easily be updated to fit any desired server configuration.
oSession = GetSession( )
oSession as object: Returns the session object from the registry.
Uses the Session Component to determine whether the current session has been authenticated.
bAuth = IsAuthenticated( )
bAuth as boolean: Returns a bit indicating whether the session includes an authentication bit.
[ Hemi JavaScript Framework - Stephen W. Cote, 2002 - 2009. ]