• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Hiding session id in the URL
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hiding session id in the URL


  • Subject: Re: Hiding session id in the URL
  • From: "WebObjects" <email@hidden>
  • Date: Wed, 8 Mar 2006 11:13:25 +0100

Hi,

I didnt understand what you want to do!
Let me repeat:

User "A" sees your application and has the SessionID "123".
You want to prevent the user "B" to see the application using the  SessionID
"123" with the protected area from "A"?

I mean, if you mean this, what's new? This problem has everybody in the
Web-World?

You can use https to encrypt it.
Set the sessionTimeOut to very low. 5 minutes like Banks.

Or did I misunderstood something?


Sako


----- Original Message -----
From: "Tanmoy Roy" <email@hidden>
To: "webobjects-dev" <email@hidden>
Sent: Tuesday, March 07, 2006 9:35 PM
Subject: Hiding session id in the URL


Hi All,
I have an application which does quite a lot of form submissions. My
application is a secured application and if the Session id is exposed
then any user can copy the URL and paste the same in his/her browser
then he/she will be able to view the same page as that of the other
user. This has to be protected so that whenever he/she does that
he/she will be presented with a new login page.

--
Best,
Tanmoy
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References: 
 >Hiding session id in the URL (From: "Tanmoy Roy" <email@hidden>)

  • Prev by Date: Re: java.lang.outofmemory
  • Next by Date: WODisplayGroup & RawRows
  • Previous by thread: Re: Hiding session id in the URL
  • Next by thread: Expanding Import
  • Index(es):
    • Date
    • Thread