> > Hello, two questions about Seaside sessions: > > > > 1) URL sharing between different users - what if "boss" shares URL from > > his browser and send it to another regular user - of course, easy way, > > whole URL with session (_s=xxxx) - when another/regular user opens that > > link -> whole "boss" session opens in regular user's browser, with all > > "boss" permissions, UI state etc etc - very bad, is there any solution for > > this? Rewrite every (!) URL with updateURL: is not solution :( > > > > > Probably it's not what you need, but in my case I wanted to forbid (show an > error) what you call "URL sharing" because of security issues. Anyway, if > you want this, let me know and I show you how I did it.
Yes this is also possible, but instructing users that do not share their URLs is insufficient (they will do it!). How is possible to "forbid" URL copy/pasting from one browser to another? With session + auth cookie tracking strategy (already suggested in this thread)? > > 2) What is the actual way for "session expiration/login page"? There is > > few tutorials and books on the inet - but info about session expiration is > > obsolete :( Methods from tutorials not exists in Seaside 3.2.0. > > Some trick with WAApplication subclass is actual? > > > > Thanks very much! pf > > > > > > > -- > Mariano > http://marianopeck.wordpress.com