[Seaside-dev] RE: Rekeying Sessions

Philippe Marschall philippe.marschall at gmail.com
Wed Mar 18 21:52:13 UTC 2009


2009/3/18 Boris Popov <boris at deepcovelabs.com>:
> Julian,
>
> Most certainly, there's really nothing in there that isn't generally known to Seaside folks already. There really were only 3.5 issues raised,
>
> 1. Session ID Stored in URL (Medium)

I don't agree with this one. I don't see why additionally writing the
session id to disk (that's what browsers do) adds any security. You
still transmit it with every request, just in a different part of the
HTTP header.

Cheers
Philippe

