[Seaside] Session (in)security?

David Shaffer cdshaffer at acm.org
Thu Jun 15 17:49:43 UTC 2006

Boris Popov wrote:

>application preferenceAt: #useSessionCookie put: true
>Me wonders why this isn't on by default, we almost deployed with this being

You can also

    initialize
        super initialize.
        self addDecoration: WASessionProtector new

in your root component.  WASessionProtector checks to make sure that
requests come from the same IP address as the original request.  Doesn't
do much good if two requests come from different users behind the same
proxy though.  I use this scheme because AFAIK there are still some
problems with session cookies....maybe they've been fixed though.
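
The limitation described above, as an added example that is not part of the original post and not Seaside code: a small Python model that runs an IP-bound session check and a cookie-bound one over the same constructed requests. The `Session` class, both check functions, the cookie model and the addresses (documentation ranges) are assumptions made for illustration.

```python
import hmac
import secrets


class Session:
    """Toy session record (assumed model, not Seaside's data structure)."""

    def __init__(self, origin_ip):
        self.key = secrets.token_urlsafe(16)     # session key carried in the URL
        self.cookie = secrets.token_urlsafe(16)  # value only the first browser holds
        self.origin_ip = origin_ip               # address of the original request


def ip_bound(session, request):
    """The check described in the post: same IP address as the original request."""
    return request["ip"] == session.origin_ip


def cookie_bound(session, request):
    """Assumed cookie model: the browser must present the value it was given."""
    return hmac.compare_digest(request.get("cookie") or "", session.cookie)


def evaluate():
    """Run both checks over constructed requests that all carry the session URL."""
    s = Session("203.0.113.10")  # first request arrives via a shared proxy
    requests = {
        "original browser":
            {"ip": "203.0.113.10", "cookie": s.cookie},
        "session URL opened behind the same proxy":
            {"ip": "203.0.113.10", "cookie": None},
        "session URL opened from another network":
            {"ip": "198.51.100.7", "cookie": None},
        "original browser after its address changed":
            {"ip": "198.51.100.7", "cookie": s.cookie},
    }
    # Each value is (accepted by IP check, accepted by cookie check).
    return {label: (ip_bound(s, r), cookie_bound(s, r))
            for label, r in requests.items()}


if __name__ == "__main__":
    for label, (by_ip, by_cookie) in evaluate().items():
        print(f"{label:45} ip-bound={by_ip!s:5} cookie-bound={by_cookie}")
```

The second row is the shared-proxy case from the post: the IP check accepts a different user who has the session URL, while the last row shows the same check rejecting the legitimate browser once its address changes.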

