Hi !
I have been following the discussion about session management ( amongst
others ) and I just thought about something : if I understand correctly, one
can implement session management through URL rewritting which, in a word,
does nothing more than adding the session ID to the URL in the form of a
query string. My question : this means that someone could intercept a
request (or just take a peak at the browser ), and use the session ID to
interfere this session. Doesn't that pose a security problem ? Or am I
missing something obvious here ?
Thanks, Martin
[EMAIL PROTECTED]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
