[Seaside] sharing sessions through links..
Philippe Marschall
philippe.marschall at gmail.com
Mon Oct 27 16:21:55 UTC 2008
2008/10/27 Randal L. Schwartz <merlyn at stonehenge.com>:
>>>>>> "Julian" == Julian Fitzell <julian at fitzell.ca> writes:
>
> Julian> Unless you take action to prevent it, yes. This problem isn't unique
> Julian> to Seaside, of course; any system with session keys in URLs will be
> Julian> have the same problem. You can, of course, configure the session key
> Julian> to be stored in cookies, which eliminates the problem.
>
> Of course, you trade one problem for another there.
There are also strange cases of mobile users who change IPs (this
affects WASessionProtector).
Isn't there a Max Payne quote along the lines of:
if the only choice you've got is to do the wrong thing, then it's not
really the *wrong* thing, is it?
Cheers
Philippe
More information about the seaside
mailing list