Taavi Tiirik wrote:
>>It is possible to do this without using the session, and also by only
>>using the standard redirect action as the result of your Login code
>>(which you can also do as an action).
>>
>>
>>I've done this in TSS and it works very well.
>>
>
> Rickard,
>
> What happens to url
>
>When was this introduced? I must've missed it...argh..
>
>What does this give that the above solution doesn't give? It seems as
>though this is a serious security issue since a user can tweak the URI to
>get to data which should usually not be possible. Not good.
>
I don't think that behavio
