Re: [Cppcms-users] Sessions
From: Artyom <art...@ya...> - 2010-08-21 08:31:51
No, as a policy, CppCMS uses cookie-based sessions only, as adding the SID to the URL like in PHP has major security issues. For example, the SID is exposed by the browser in the referrer link, which allows the SID to be stolen:

i.e. the page

    www.foo.com/url?sid=1234566

links to www.bar.com

Now the user clicks on the link, and now on bar.com I have

    Referrer: http://www.foo.com/url?sid=1234566

And now it can log in to foo.com with your account.

This is bad.

>
> Another question: is it possible to have the session id to be
> transparently added as a url parameter, when cookies are not available
> (such as php does this)?
>
> thanks,