284
Secure Development for Mobile Apps
The next step is to manually check whether username and passwords are present in
the request variables. This is the traditional way using isset() and empty(). An
automated way of performing this task is presented in the Cleaner class.
Next, NonceTracker is employed to verify that this form was generated for this
request. If not, the request is forcefully redirected and is not processed any further.
Please see the “Class NonceTracker Detail” section in Chapter 15 for more information.
$sm->checkLoginRequest();
This call to SessionManager::checkLoginRequest() is intentionally
redundant and is given as an example of wrapping a check for the user credentials in
the request array.
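The three steps above (the manual isset()/empty() check, the form nonce check with a redirect on failure, and a wrapper that bundles them) written out as a plain PHP login handler. This is an added example, not the book's Cleaner, NonceTracker or SessionManager code; the function names, the session key used to store the nonce, and the redirect targets are assumptions made here for illustration.

```php
<?php
// Added example (not the book's Cleaner, NonceTracker or SessionManager classes):
// the manual credential-field check, a single-use form nonce check, and a wrapper
// that performs both before a login request is processed any further.

session_start();

// Step 1: the traditional manual check for the credential fields.
// Note that empty() treats the string "0" as empty, so a username of "0" is rejected.
function loginFieldsPresent(array $request): bool
{
    return isset($request['username'], $request['password'])
        && !empty($request['username'])
        && !empty($request['password']);
}

// Issue a fresh nonce while rendering the login form and remember it in the session.
// Embed the returned value in a hidden form field named "nonce" (assumed field name).
function issueFormNonce(string $formName): string
{
    $nonce = bin2hex(random_bytes(16));
    $_SESSION['nonces'][$formName] = $nonce;
    return $nonce;
}

// Step 2: verify that the submitted nonce is the one issued for this form.
// The nonce is single-use: it is removed from the session whether or not it matches,
// so a replayed or tampered request cannot be retried against the same value.
function verifyFormNonce(array $request, string $formName): bool
{
    $expected = $_SESSION['nonces'][$formName] ?? null;
    unset($_SESSION['nonces'][$formName]);

    if ($expected === null || !isset($request['nonce']) || !is_string($request['nonce'])) {
        return false;
    }
    // hash_equals() compares in constant time so the comparison leaks no timing information.
    return hash_equals($expected, $request['nonce']);
}

// Step 3: force a redirect and stop processing when the request is not acceptable.
function redirectAndExit(string $location): void
{
    header('Location: ' . $location, true, 303);
    exit;
}

// Wrapper that bundles the checks, analogous in intent to a checkLoginRequest() call.
// The name and the redirect targets are assumptions for this example.
function checkLoginRequest(array $request, string $formName = 'login'): void
{
    if (!loginFieldsPresent($request)) {
        redirectAndExit('/login.php?error=missing');
    }
    if (!verifyFormNonce($request, $formName)) {
        redirectAndExit('/login.php?error=nonce');
    }
}

// Usage in the login handler: run the checks against the POST data, and only then
// proceed to authenticate $_POST['username'] and $_POST['password'].
checkLoginRequest($_POST);
```

The nonce is consumed on the first verification attempt regardless of outcome; that is deliberate, since a nonce that survived a failed check could be guessed at repeatedly. Because the comparison reads the session before unsetting, a legitimate request that arrives after an attacker's failed attempt is also rejected and must reload the form, which is the safe failure mode here.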
That concludes the basic steps f ...