Hi, I didnt understand what you want to do! Let me repeat:
User "A" sees your application and has the SessionID "123". You want to prevent the user "B" to see the application using the SessionID "123" with the protected area from "A"? I mean, if you mean this, what's new? This problem has everybody in the Web-World? You can use https to encrypt it. Set the sessionTimeOut to very low. 5 minutes like Banks. Or did I misunderstood something? Sako ----- Original Message ----- From: "Tanmoy Roy" <[EMAIL PROTECTED]> To: "webobjects-dev" <[email protected]> Sent: Tuesday, March 07, 2006 9:35 PM Subject: Hiding session id in the URL Hi All, I have an application which does quite a lot of form submissions. My application is a secured application and if the Session id is exposed then any user can copy the URL and paste the same in his/her browser then he/she will be able to view the same page as that of the other user. This has to be protected so that whenever he/she does that he/she will be presented with a new login page. -- Best, Tanmoy _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/webobjects%40datos.de This email sent to [EMAIL PROTECTED] _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
