From: <[EMAIL PROTECTED]>
> A better way for session ids is to put them in front of the URI:
> http://www.nus.edu.sg/dfd3453/some/path/and/file.html
(...)
> These session ids are sticky as long as you only use relative paths in your
> html. Note: You may want to put your images in a directory that's not covered by
> this handler and use absolute paths...

But wouldn't the session ID get sent to other (possibly malicious) servers as well - in the HTTP_REFERER, if the user clicks on an external link? That might enable a script on that other server to grab your user's session.

I guess you could add an additional check including the original user's IP address, but that's not really safe either. People working in the same company could spy on each other if they use the same HTTP proxy.

Any known workarounds for this?

cheers,
stefan
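The Referer exposure raised in the message above can be audited per page. The following is an added example, not code from the original post or thread: it lists the links on a page that would hand a path-prefixed session id to another host. It assumes the browser sends the full page URL as Referer (the legacy behaviour with no referrer policy in effect) and that the session id is a leading hex path segment like `dfd3453`; the function names, the sample HTML and the host `other.example` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Assumption: the session id is the first path segment and looks like the
# /dfd3453/ example in the message (six or more hex characters).
SESSION_SEG = re.compile(r"^/([0-9a-f]{6,})(?:/|$)")

def session_in(url):
    """Return the session id carried in the first path segment, or None."""
    m = SESSION_SEG.match(urlsplit(url).path)
    return m.group(1) if m else None

def referer_for(page_url):
    """Referer under the assumed full-URL behaviour: page URL minus fragment."""
    return urlunsplit(urlsplit(page_url)._replace(fragment=""))

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def leaking_links(page_url, html):
    """List (href, external_host, referer) for links that leak the session id."""
    if session_in(page_url) is None:
        return []
    parser = _Links()
    parser.feed(html)
    own_host = urlsplit(page_url).netloc.lower()
    found = []
    for href in parser.hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.scheme in ("http", "https") and target.netloc.lower() != own_host:
            found.append((href, target.netloc.lower(), referer_for(page_url)))
    return found

# Constructed sample page, served at the URL quoted in the message.
PAGE_URL = "http://www.nus.edu.sg/dfd3453/some/path/and/file.html"
SAMPLE_HTML = """
<a href="next.html">relative: keeps the session, stays on this host</a>
<a href="/images/logo.png">absolute path: same host, session dropped</a>
<a href="http://other.example/landing">external link</a>
<a href="mailto:admin@example.org">not an HTTP request</a>
"""
```

Only the external HTTP link is reported; the relative and absolute-path links stay on the issuing host, so the Referer they carry never leaves it.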