[Seaside] Session (in)security?
cdshaffer at acm.org
Thu Jun 15 17:49:43 UTC 2006
Boris Popov wrote:
>application preferenceAt: #useSessionCookie put: true
>Me wonders why this isn't on by default, we almost deployed with this being
You can also
    self addDecoration: WASessionProtector new
in your root component. WASessionProtector checks to make sure that
requests come from the same IP address as the original request. Doesn't
do much good if two requests come from different users behind the same
proxy though. I use this scheme because AFAIK there are still some
problems with session cookies... maybe they've been fixed though.
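
An added example, not part of the original post and not Seaside code: a small Python model of the check described above, where a session key is only honoured from the IP address that made the first request. The class name, user name and addresses are constructed for illustration; the last case shows the shared-proxy limitation the post mentions.

```python
import secrets


class IPBoundSessions:
    """Model of an IP-pinned session check (hypothetical class, not Seaside's API)."""

    def __init__(self):
        self._sessions = {}   # session key -> (owner, IP seen on the first request)
        self.refused = []     # (session key, offending IP), kept for later review

    def start(self, user, remote_ip):
        """Create a session and pin it to the address of the first request."""
        key = secrets.token_urlsafe(16)
        self._sessions[key] = (user, remote_ip)
        return key

    def handle(self, key, remote_ip):
        """Return the session owner, or None if the request is refused."""
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, pinned_ip = entry
        if remote_ip != pinned_ip:
            # Same key, different source address: refuse and record it.
            self.refused.append((key, remote_ip))
            return None
        return user


def demo():
    # Constructed addresses from the documentation ranges (RFC 5737).
    proxy_ip, other_ip = "192.0.2.10", "198.51.100.7"
    sessions = IPBoundSessions()
    # "alice" reaches the server through a proxy shared with other users.
    key = sessions.start("alice", proxy_ip)
    return {
        "owner_same_ip": sessions.handle(key, proxy_ip),
        "key_from_other_ip": sessions.handle(key, other_ip),
        # A second user behind the same proxy presents the same key. The
        # server sees only the proxy's address, so the check passes.
        "key_from_same_proxy": sessions.handle(key, proxy_ip),
        "refused_count": len(sessions.refused),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```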