Thanks, Joshua. I tested out your development version 0.17 and it worked
perfect for me.
One thing I noticed was that if GetSession is improperly used, it could
cause big security holes. By nature it will be used to access someone
else's session, so the application should take care not to send the other
SessionID across the net. Even within an SSL connection (as I'm using) it's
not wise to even let one other person know the SessionID of another user. I
made an internal 1:1 reference map of SessionIDs to unique identifiers which
then can be sent over the net safely, to allow controlled access to other
sessions.
Anyway, just thought I'd mention this, though I'm sure you already realized
it. You might want to put a note in your API documentation to take care not
to reveal the SessionID when you use GetSession.
- Adi
Joshua Chamas wrote:
>
> I have added an $Application->GetSession($session_id) API
> extension to Apache::ASP. I'll send you my latest dev version
> in a separate email.
>
> -- Joshua
> _________________________________________________________________
> Joshua Chamas Chamas Enterprises Inc.
> NODEWORKS >> free web link monitoring Huntington Beach, CA USA
> http://www.nodeworks.com 1-714-625-4051
