On Wed, Sep 21, 2016 at 7:31 AM, Petr Fischer <petr.fisc...@me.com> wrote:

> Hello, two questions about Seaside sessions:
> 1) URL sharing between different users - what if "boss" shares URL from
> his browser and send it to another regular user - of course, easy way,
> whole URL with session (_s=xxxx) - when another/regular user opens that
> link -> whole "boss" session opens in regular user's browser, with all
> "boss" permissions, UI state etc etc - very bad, is there any solution for
> this? Rewrite every (!) URL with updateURL: is not solution :(
Probably it's not what you need, but in my case I wanted to forbid (show an
error) what you call "URL sharing" because of security issues. Anyway, if
you want this, let me know and I show you how I did it.

> 2) What is the actual way for "session expiration/login page"? There is
> few tutorials and books on the inet - but info about session expiration is
> obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> Some trick with WAApplication subclass is actual?
> Thanks very much! pf


Reply via email to