Re: Wosid suppression broken in 5.4?
Re: Wosid suppression broken in 5.4?
- Subject: Re: Wosid suppression broken in 5.4?
- From: Anjo Krank <email@hidden>
- Date: Thu, 20 Dec 2007 01:35:04 +0100
Am 20.12.2007 um 01:22 schrieb James C. Lee:
We were caught by surprise with this new "feature". But the above
one-liner
took care of it. We actually did this in our BaseSession class,
which all
apps subclass from. While we're on the subject of session IDs, also
do this
in the constructor:
Wow. I see. You ARE sure that this one liner actually takes care of:
- having older apps still work for which you neither have source nor
time to work on
- having both the cookie and the ULR work if they are not on sync
- have distributed responsibilities, where some people might allow
cookies and some not
This is just OTOMH, I'm sure I can come up with extra cool XSS stuff
when I put my mind into it. But I no wanna.
Do YOU really want to wade around >3k components just for the heck of
it to make sure that wosid=false is set in each case? And for *what*
again?
Again: It is broken. Please fix, thanks. I don't want to hear about
workarounds, it affects stuff you don't and can't even know or care
about for no reason at all. If Pierre doesn't fix it, Wonder will.
Cheers, Anjo
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden