To: "webobjects-dev"
Sent: Tuesday, March 07, 2006 9:35 PM
Subject: Hiding session id in the URL
Hi All,
I have an application which does quite a lot of form submissions. My
application is a secured application and if the Session id is exposed
then any user can copy the URL and paste t
Title: Re: Hiding session id in the URL
At 12:49 PM -0800 3/7/06, Sacha Michel Mallais wrote:
You can tell WO to use cookies to store
the session IDs. Check out
WOSession.setStoresIDsInCookies().
... and don't forget to also turn OFF the URL sessionID:
setStoresIDsInURLs(
PROTECTED]
[mailto:[EMAIL PROTECTED]
On
Behalf Of Chuck Hill
Sent: Tuesday, March 07, 2006 3:55 PM
To: webobjects-dev
Subject: Re: Hiding session id in the URL
Of course, if they can copy the URL, they can also look at the
cookies and copy them. You can add a separate cookie of your own and
stored in memory.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:webobjects-dev-bounces
[EMAIL PROTECTED] On
Behalf Of Chuck Hill
Sent: Tuesday, March 07, 2006 3:55 PM
To: webobjects-dev
Subject: Re: Hiding session id in the URL
Of course, if they can copy the URL, they can also look at the
cookies and copy them. You can add a separate cookie of your own and
cross validate them, but that only makes it
Not true. Cookies for secure sites, as long as they are session only, are
supposed to be stored in memory.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Chuck Hill
Sent: Tuesday, March 07, 2006 3:55 PM
To: webobjects-dev
Subject: Re: Hiding session id
Of course, if they can copy the URL, they can also look at the
cookies and copy them. You can add a separate cookie of your own and
cross validate them, but that only makes it harder. Or, if it is
available, you can keep the user's IP in their session and check that
the IP of each new req
On Mar 7, 2006, at 12:35 PM, Tanmoy Roy wrote:
I have an application which does quite a lot of form submissions. My
application is a secured application and if the Session id is exposed
then any user can copy the URL and paste the same in his/her browser
then he/she will be able to view the same
Hi All,
I have an application which does quite a lot of form submissions. My
application is a secured application and if the Session id is exposed
then any user can copy the URL and paste the same in his/her browser
then he/she will be able to view the same page as that of the other
user. This has