On Thu, Oct 22, 2009 at 4:54 PM, Randinn <rand...@gmail.com> wrote:

> I've been pondering this for some time, could an actor be used as a
> cookie,


> if so would that render the stealing attack mote?
> >    7. Lift uses the container's session management (usually JSESSIONID)
> for
> >    session management.  As far as I know, Jetty, Tomcat, Glassfish are
> secure
> >    in terms of the way they deal with sessions.  Of course, anything
> that's not
> >    over SSL is vulnerable to a cookie stealing attack.
> >

Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics

You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to