> On Tue, 7 Dec 1999, Joshua Chamas wrote:
> > > > I am going to give ASP developers a session
> option, it should be
> > > > possible to make secure.
Stas Bekman wrote:
> But if you intercept the redirection, why not to
> strip/modify the
> HTTP_REFER header at the server side?
how about a call to something like
<a href="<%= $Server->StripSession('evil.perl.com')
%>">evil perl session pirates</a>
that calls something which strips the referer and
redirects.
remi
__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one place.
Yahoo! Shopping: http://shopping.yahoo.com
