[Seaside] Seaside session stealing

Lukas Renggli renggli at gmail.com
Wed Apr 22 06:15:30 UTC 2009

>    | currentAccessIP |
>     currentAccessIP :=  self session currentRequest nativeRequest
>                                          headerAt: 'x-forwarded-for'
>                                          ifAbsent: [].
>     currentAccessIP ~= lastClientAccessIP ifTrue: ["the Seaside session has
> been stolen"].

Code like this was one of my first contributions to Seaside. Have a
look at WASessionProtector. As its says in the class comment this
trick does not work for a group of people that share the same external
IP, as this is often the case in companies or universities.


Lukas Renggli

More information about the seaside mailing list