cocoon-dev mailing list archives

From Sylvain Wallez <>
Subject Re: Fwd: [jetty-discuss] Microsoft IE7 compromise of session security
Date Mon, 03 Oct 2005 10:04:07 GMT
Tony Collen wrote:

> Pier Fumagalli wrote:
>> I found this on the Jetty list, and thought it was relevant as in the 
>> examples we tend to encode the continuation ID into the URL...
>> This is f***ing scary!!!
>>     Pier
> Maybe it's time we make Cocoon automatically pull the continuation ID  
> from a session tied to a cookie.

That won't work as a continuation is related to the page displayed in 
the browser rather than to the browser itself, as is a cookie.

I'm with Reinhard: let's tie continuations to sessions, which should be 
fine for 99.9% of the use cases. Even if the continuation ID is in the 
URL, it won't be accessible without the session id cookie.


Sylvain Wallez                        Anyware Technologies
Apache Software Foundation Member     Research & Technology Director
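
The session binding proposed in this message, sketched as an added example (not code from the thread or from Cocoon; `ContinuationStore` and every other name here are hypothetical). A continuation ID taken from a URL resumes only when the request also carries the session that created it:

```javascript
// Added illustration, not Cocoon's API: a continuation store that binds each ID to its session.
const nodeCrypto = require('crypto');

class ContinuationStore {
  constructor(ttlMs = 15 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.entries = new Map(); // continuationId -> { owner, state, expires }
  }

  // Keep only a digest of the session id, so a dump of the store does not expose cookies.
  static ownerTag(sessionId) {
    return nodeCrypto.createHash('sha256').update(String(sessionId)).digest();
  }

  create(sessionId, state, now = Date.now()) {
    if (!sessionId) throw new Error('a continuation needs an owning session');
    const id = nodeCrypto.randomBytes(16).toString('hex'); // unguessable ID, safe to place in a URL
    const owner = ContinuationStore.ownerTag(sessionId);
    this.entries.set(id, { owner, state, expires: now + this.ttlMs });
    return id;
  }

  // Unknown ID, expired ID, missing cookie and wrong session all return null,
  // so the response does not reveal whether a given ID exists.
  resume(continuationId, sessionId, now = Date.now()) {
    const entry = this.entries.get(continuationId);
    if (!entry) return null;
    if (now > entry.expires) {
      this.entries.delete(continuationId);
      return null;
    }
    if (!sessionId) return null;
    const tag = ContinuationStore.ownerTag(sessionId);
    return nodeCrypto.timingSafeEqual(tag, entry.owner) ? entry.state : null;
  }
}

// Constructed sample values: one continuation, replayed with and without the owning session.
function demo() {
  const store = new ContinuationStore(1000);
  const id = store.create('session-A', { step: 2 }, 0);
  return {
    owner: store.resume(id, 'session-A', 10),
    otherSession: store.resume(id, 'session-B', 10),
    noCookie: store.resume(id, undefined, 10),
    expired: store.resume(id, 'session-A', 2000),
  };
}
```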
