cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: Fwd: [jetty-discuss] Microsoft IE7 compromise of session security
Date Mon, 03 Oct 2005 15:44:24 GMT
Tony Collen wrote:
> Pier Fumagalli wrote:
>> I found this on the Jetty list, and thought it was relevant as in the 
>> examples we tend to encode the continuation ID into the URL...
>>
>> This is f***ing scary!!!
>>
>>     Pier
> 
> 
> Maybe it's time we make Cocoon automatically pull the continuation ID  
> from a session tied to a cookie.

That would prevent us from the ability to have (or detect!) multiple 
browser windows, as a cookie is not per-window, but per-browser.

-- 
Stefano.


Mime
View raw message