cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <va...@reverycodes.com>
Subject Re: Possible security problem with flowscript
Date Fri, 15 Oct 2004 13:29:55 GMT
Leszek Gawron wrote:
> Vadim Gritsenko wrote:
> 
>> Leszek Gawron wrote:
>>
>>> Sylvain Wallez wrote:
>>>
>>>> Leszek Gawron wrote:
>>>>
>>>>> 1. You login.
>>>>> 2. Do stuff.
>>>>> 3. Logout.
>>
>>
>> Did you forgot to invalidate continuations? Your fault. (1)
> 
> invalidating every continuation by hand is asking for problems hard to 
> find.
> For web application which requires session it is very convenient to 
> invalidate all continuations when continuation holder is unbound from 
> session (session invalidated).

Agreed, with minor differences. Currently I don't have any special "continuation 
holder", just single root continuations object. Moving the logic of maintaining 
and invalidating root continuations object into flow implementation makes sense 
to me.


>> I left some comments already in the bug report.
> 
> Thank you .. I have made a comment also. Please read it if you have time.

Done :)

Vadim

Mime
View raw message