Actually it will open on another machine quite nicely. You have to have the ignore source address checked and just copy the exact URL string to another machine and it will opne up the session once it hasn't timed out.
Craig. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric S. Williams Sent: Monday, December 03, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: RE: [imail] Security issue this is a security "feature" related to the way the imail webmessaging engine implements cookies and session management and has nothing to do with hksi's interfaces per say (although hksi has done some nice work to beef up session duration) imail's default timeout on a webmessaging cookied session is, i think, 12 minutes that should give you enough information to do further experiments also, try copying the session cookie and url to a entirely different system and see if you can hijack the session - it won't work . . . Eric S. Williams vCty, Inc. ______________________________________________________________________ The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc. Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED] Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4 To Manage your Subscription......... http://humankindsystems.com/lists
