Re: [Cppcms-users] Sessions
From: Frank E. <fra...@an...> - 2010-08-21 09:12:32
Agreed. You're right.

On Aug 21, 2010, at 10:31, Artyom <art...@ya...> wrote:

> No, as policy, CppCMS uses cookie-based sessions only, as
> adding SID to URL like in PHP has major security issues, for example
> the sid is exposed by the browser in the referrer link and allows the SID to
> be stolen:
>
> i.e.
>
> page www.foo.com/url?sid=1234566
>
> link to www.bar.com
>
> Now the user clicks on the link and now on bar.com I have
>
> Referrer: http://www.foo.com/url?sid=1234566
>
> And now it can log in to foo.com with your account. This is bad.
>
>>
>> Another question: is it possible to have the session id
>> transparently added as a url parameter, when cookies are not available
>> (such as php does this)?
>>
>> thanks,
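A defender-side check for the Referer leak described in the quoted reply, as an added example that is not part of the original thread or of CppCMS: it scans Combined Log Format access-log lines for session identifiers in request URLs and Referer values, reporting parameter names only so that tokens are not copied again. The parameter-name list, the `session_params` and `audit` helpers and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of session-identifier parameter names; extend for your stack.
SESSION_PARAMS = {"sid", "phpsessid", "jsessionid", "sessionid", "session_id"}

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def session_params(url):
    """Names (never values) of session-like parameters in a URL's query or path."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return []
    found = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    # Servlet-style path parameters, e.g. /cart;jsessionid=...
    found |= {seg.split("=", 1)[0].lower() for seg in parts.path.split(";")[1:]}
    return sorted(found & SESSION_PARAMS)

def audit(lines, own_host):
    """Return (line_no, finding, param_names) for every session id seen in a URL."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        names = session_params(m["target"])
        if names:
            findings.append((n, "sid-in-request-url", names))
        referer = m["referer"]
        names = session_params(referer) if referer not in ("", "-") else []
        if names:
            host = (urlsplit(referer).hostname or "").lower()
            kind = "own-sid-in-referer" if host == own_host else "foreign-sid-in-referer"
            findings.append((n, kind, names))
    return findings

# Constructed sample log for www.foo.com (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [21/Aug/2010:10:31:00 +0000] "GET /url?sid=1234566 HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.5 - - [21/Aug/2010:10:31:05 +0000] "GET /about HTTP/1.1" 200 300 "http://www.foo.com/url?sid=1234566" "UA"',
    '198.51.100.7 - - [21/Aug/2010:10:32:00 +0000] "GET /news HTTP/1.1" 200 900 "http://www.foo.com/news" "UA"',
    '198.51.100.9 - - [21/Aug/2010:10:33:00 +0000] "GET / HTTP/1.1" 200 700 "http://shop.example/cart;jsessionid=ABC123?x=1" "UA"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "www.foo.com"):
        print(finding)
```

A `sid-in-request-url` or `own-sid-in-referer` finding means the site itself is issuing URLs that carry a session id; a `foreign-sid-in-referer` finding means another site's token has landed in your logs and should be scrubbed from them.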