On Tue, May 09, 2000 at 03:36:38PM -0700, Jeffrey W. Baker wrote:
> >
> > The cool thing about this is that relative links need not be rewritten at
> > all, the browser handles it!
<snip>
>
> I like to use session ids at the beginning of the URL for another
> reason: the users understand it. For example, if they visit a URL:
>
> https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux
Ok, that`s convenient, but what if the user follows a link to a different
site? Those having access to the logfile of the new site will be able to snoop the
sessionid`s if they are fast enough (or have a script monitoring the
logfiles) via the referer header.
Harm
--
Today is Setting Orange, the 57th of Discord, 3166.
The Moon is Waxing Crescent (41% of Full)
nieuw.nl - 2dehands.nl
