> how about a call to something like
>
> <a href="<%= $Server->StripSession('evil.perl.com')
> %>">evil perl session pirates</a>
>
> that calls something which strips the referer and
> redirects.
It won't work because the referer (sic) is set by the client, not by the
server. HTTP and HTML provide no way to tell the client to change the
referer. Using Refresh, as suggested, is hack to do just that.
Cookies are great; it's a pity they are a privacy concern.
Interresting: I checked the HTTP/1.0 and 1.1 standards, and there is no
mention of a Refresh field, yet it's passed as an http-equiv. I wonder
the following works in browsers supporting the http-equiv="refresh":
-- BEGIN HTTP RESPONSE -----
200 OK Okay
Refresh: 0,http://ca.yahoo.com/
Content-type: text/html
If your browser supported the the Refresh directive, you would
have been brought <a href="http://ca.yahoo.com/">here</a>
automatically.
-- END HTTP RESPONSE -----
ELB
--
Eric L. Brine | Chicken: The egg's way of making more eggs.
[EMAIL PROTECTED] | Do you always hit the nail on the thumb?
ICQ# 4629314 | An optimist thinks thorn bushes have roses.
