Not true. Cookies for secure sites, as long as they are session only, are supposed to be stored in memory.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Hill
Sent: Tuesday, March 07, 2006 3:55 PM
To: webobjects-dev
Subject: Re: Hiding session id in the URL

Of course, if they can copy the URL, they can also look at the cookies and copy them. You can add a separate cookie of your own and cross validate them, but that only makes it harder. Or, if it is available, you can keep the user's IP in their session and check that the IP of each new request matches it. But, at some point, all of this can be spoofed.

Chuck

On Mar 7, 2006, at 12:49 PM, Sacha Michel Mallais wrote:

> On Mar 7, 2006, at 12:35 PM, Tanmoy Roy wrote:
>
>> I have an application which does quite a lot of form submissions. My
>> application is a secured application and if the Session id is exposed
>> then any user can copy the URL and paste the same in his/her browser
>> then he/she will be able to view the same page as that of the other
>> user. This has to be protected so that whenever he/she does that
>> he/she will be presented with a new login page.
>
> You can tell WO to use cookies to store the session IDs. Check out
> WOSession.setStoresIDsInCookies().
>
> sacha
>
> --
> Sacha Michel Mallais    Senior Developer / President
> Global Village Consulting Inc.    http://www.global-village.net/
> PGP Key ID: 7D757B65    AIM: smallais
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list ([email protected])
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/webobjects-dev/chill%40global-village.net
>
> This email sent to [EMAIL PROTECTED]

--
Coming in 2006 - an introduction to web applications using WebObjects and Xcode
http://www.global-village.net/wointro

Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
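The checks discussed in this thread (session ID carried only in a session-only cookie, a second cookie cross-validated against the session, and the client IP pinned at login), as an added example that is not part of the original messages and is not WebObjects code. It is a framework-neutral Python sketch; the names `login`, `check_request`, `browser_cookie_header`, `sid` and `guard` are hypothetical, and the IP addresses are constructed documentation values. As the thread notes, these checks only make a copied session harder to reuse.

```python
import hmac
import secrets
from http.cookies import CookieError, SimpleCookie

SESSIONS = {}  # session id -> server-side record (in-memory store, demo only)

def login(user, client_ip):
    """Create a session; return the Set-Cookie header values to send."""
    sid = secrets.token_urlsafe(32)
    guard = secrets.token_urlsafe(32)  # the "separate cookie of your own"
    SESSIONS[sid] = {"user": user, "guard": guard, "ip": client_ip}
    jar = SimpleCookie()
    for name, value in (("sid", sid), ("guard", guard)):
        jar[name] = value
        jar[name]["path"] = "/"
        jar[name]["secure"] = True    # sent over HTTPS only
        jar[name]["httponly"] = True  # not readable by page scripts
        # No Expires/Max-Age is set, so both are session-only cookies.
    return [morsel.OutputString() for morsel in jar.values()]

def browser_cookie_header(set_cookie_values):
    """Build the Cookie header a browser would send back (test helper)."""
    return "; ".join(v.split(";", 1)[0] for v in set_cookie_values)

def check_request(cookie_header, client_ip):
    """Return (user, None) if the request matches the session, else (None, reason)."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None, "malformed cookies: show login page"
    sid = jar["sid"].value if "sid" in jar else ""
    guard = jar["guard"].value if "guard" in jar else ""
    record = SESSIONS.get(sid)
    if record is None:
        return None, "no session: show login page"
    # Constant-time comparison of the second cookie against the stored value.
    if not hmac.compare_digest(guard.encode(), record["guard"].encode()):
        return None, "guard cookie mismatch: show login page"
    if client_ip != record["ip"]:
        return None, "client address changed: show login page"
    return record["user"], None
```

Because the session ID is never read from the URL, a pasted link arrives without cookies and falls through to the login page.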
