On Wed, Sep 21, 2016 at 7:31 AM, Petr Fischer <petr.fisc...@me.com> wrote:
> Hello, two questions about Seaside sessions: > > 1) URL sharing between different users - what if "boss" shares URL from > his browser and send it to another regular user - of course, easy way, > whole URL with session (_s=xxxx) - when another/regular user opens that > link -> whole "boss" session opens in regular user's browser, with all > "boss" permissions, UI state etc etc - very bad, is there any solution for > this? Rewrite every (!) URL with updateURL: is not solution :( > > Probably it's not what you need, but in my case I wanted to forbid (show an error) what you call "URL sharing" because of security issues. Anyway, if you want this, let me know and I show you how I did it. > 2) What is the actual way for "session expiration/login page"? There is > few tutorials and books on the inet - but info about session expiration is > obsolete :( Methods from tutorials not exists in Seaside 3.2.0. > Some trick with WAApplication subclass is actual? > > Thanks very much! pf > > -- Mariano http://marianopeck.wordpress.com
