I've been pondering this for some time, could an actor be used as a
cookie, if so would that render the stealing attack mote?

>    7. Lift uses the container's session management (usually JSESSIONID) for
>    session management.  As far as I know, Jetty, Tomcat, Glassfish are secure
>    in terms of the way they deal with sessions.  Of course, anything that's 
> not
>    over SSL is vulnerable to a cookie stealing attack.

You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to