This may show my ignorance; here it goes...
When a user visits a Turbine app, Turbine
creates a session for the user, and sends
the user an opaque identifier for the session
(in the shape of a cookie or a URL parameter).
Say it is a URL parameter, for simplicity.
How easy would it be for another user on a
separate machine to just copy the whole URL
and, to a certain extent, "hijack" the session?
What information is associated with this
identifier within Turbine to ensure that the
client that originally authenticated is
the one who keeps sending requests for the
session?
Please correct any misunderstandings that I
may have about how Turbine operates. Thanks,
--
Gonzalo A. Diethelm
[EMAIL PROTECTED]
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
