cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leszek Gawron <lgaw...@mobilebox.pl>
Subject Re: Fwd: [jetty-discuss] Microsoft IE7 compromise of session security
Date Mon, 03 Oct 2005 06:03:12 GMT
Tony Collen wrote:
> Pier Fumagalli wrote:
> 
>> I found this on the Jetty list, and thought it was relevant as in the 
>> examples we tend to encode the continuation ID into the URL...
>>
>> This is f***ing scary!!!
>>
>>     Pier
> 
> 
> 
> Maybe it's time we make Cocoon automatically pull the continuation ID  
> from a session tied to a cookie.
 From day one I have been using continuations via hidden input field. At 
least I have continuation ID bound to a particular page, not session.

Maybe this functionality is useful but certainly not the best solution 
to hide a continuation ID from url.

-- 
Leszek Gawron                                      lgawron@mobilebox.pl
IT Manager                                         MobileBox sp. z o.o.
+48 (61) 855 06 67                              http://www.mobilebox.pl
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65

Mime
View raw message