[Seaside] Session (in)security?

Boris Popov boris at deepcovelabs.com
Thu Jun 15 17:27:12 UTC 2006

Umm, here's something I wish wasn't happening in the default install of
Seaside. If I go to someplace within the application and email the URL that
shows in the browser, say


to somebody, that person can currently click on that link and acquire my
session and keep on going. I hope I don't need to explain why this is plain
wrong, but how can I address that?



DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5

boris at deepcovelabs.com


This email is intended only for the persons named in the message
header. Unless otherwise indicated, it contains information that is
private and confidential. If you have received it in error, please
notify the sender and delete the entire message including any

Thank you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3370 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/seaside/attachments/20060615/82e3f51a/smime.bin

More information about the Seaside mailing list