[Seaside] Session Protector [was Seaside subsets]
Rick Flower
rickf at ca-flower.com
Wed Feb 14 18:31:07 UTC 2007
Boris Popov wrote:
> Rick,
>
> Session protector stores the remote address of a user and checks it for
> every request to prevent most obvious session hijacking (url copying),
> especially when not using session cookies. There are a number of
> limitations, but not many downsides to using it, so it's a good idea to
> have it place working with other measures to secure your applications.
Thanks Boris -- I probably got it from you! (8->
I'll keep it in place then and add some comments to make it clear what
its doing..
More information about the Seaside
mailing list