[Seaside] Seaside session stealing
Lukas Renggli
renggli at gmail.com
Wed Apr 22 06:15:30 UTC 2009
> | currentAccessIP |
> currentAccessIP := self session currentRequest nativeRequest
> headerAt: 'x-forwarded-for'
> ifAbsent: [].
> currentAccessIP ~= lastClientAccessIP ifTrue: ["the Seaside session has
> been stolen"].
Code like this was one of my first contributions to Seaside. Have a
look at WASessionProtector. As it says in the class comment, this
trick does not work for a group of people that share the same external
IP, as is often the case in companies or universities.
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch
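
The limitation described in the reply above, as an added example that is not part of the original post and is not Seaside's own code: a Python model of the IP-binding check, with hypothetical class and method names and constructed documentation-range addresses. It assumes a reverse proxy sets a single-address x-forwarded-for header, and it rejects requests that lack the header.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    key: str
    last_client_ip: Optional[str] = None  # plays the role of lastClientAccessIP


@dataclass
class SessionRegistry:  # hypothetical name, not a Seaside class
    sessions: dict = field(default_factory=dict)

    def handle(self, session_key: str, headers: dict) -> str:
        """Return 'bound' (first request), 'ok', or 'rejected'."""
        session = self.sessions.setdefault(session_key, Session(session_key))
        # A missing header yields None, like headerAt:ifAbsent: [] in the quote.
        current_ip = headers.get("x-forwarded-for")
        if current_ip is None:
            return "rejected"  # assumption of this example: fail closed
        if session.last_client_ip is None:
            session.last_client_ip = current_ip  # bind on first request
            return "bound"
        if current_ip != session.last_client_ip:
            return "rejected"  # the check treats this as a stolen session
        return "ok"


def demo() -> list:
    reg = SessionRegistry()
    office_nat = {"x-forwarded-for": "203.0.113.10"}  # constructed: shared external IP
    elsewhere = {"x-forwarded-for": "198.51.100.7"}   # constructed: another network
    return [
        reg.handle("s1", office_nat),  # owner's first request binds the IP
        reg.handle("s1", office_nat),  # owner again
        reg.handle("s1", elsewhere),   # same session key from a different IP
        reg.handle("s1", office_nat),  # different person behind the same external IP
        reg.handle("s1", {}),          # header absent
    ]


if __name__ == "__main__":
    print(demo())
```

The fourth request is accepted because the check only sees the shared external address, which is the case the class comment excludes.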