Re: Hiding session id in the URL
Re: Hiding session id in the URL
- Subject: Re: Hiding session id in the URL
- From: "WebObjects" <email@hidden>
- Date: Wed, 8 Mar 2006 11:13:25 +0100
Hi,
I didnt understand what you want to do!
Let me repeat:
User "A" sees your application and has the SessionID "123".
You want to prevent the user "B" to see the application using the SessionID
"123" with the protected area from "A"?
I mean, if you mean this, what's new? This problem has everybody in the
Web-World?
You can use https to encrypt it.
Set the sessionTimeOut to very low. 5 minutes like Banks.
Or did I misunderstood something?
Sako
----- Original Message -----
From: "Tanmoy Roy" <email@hidden>
To: "webobjects-dev" <email@hidden>
Sent: Tuesday, March 07, 2006 9:35 PM
Subject: Hiding session id in the URL
Hi All,
I have an application which does quite a lot of form submissions. My
application is a secured application and if the Session id is exposed
then any user can copy the URL and paste the same in his/her browser
then he/she will be able to view the same page as that of the other
user. This has to be protected so that whenever he/she does that
he/she will be presented with a new login page.
--
Best,
Tanmoy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden