> > Hello, two questions about Seaside sessions:
> >
> > 1) URL sharing between different users - what if "boss" shares URL from
> > his browser and send it to another regular user - of course, easy way,
> > whole URL with session (_s=xxxx) - when another/regular user opens that
> > link -> whole "boss" session opens in regular user's browser, with all
> > "boss" permissions, UI state etc etc - very bad, is there any solution for
> > this? Rewrite every (!) URL with updateURL: is not solution :(
> >
> >
> Probably it's not what you need, but in my case I wanted to forbid (show an
> error) what you call "URL sharing" because of security issues. Anyway, if
> you want this, let me know and I show you how I did it.

Yes this is also possible, but instructing users that do not share their URLs 
is insufficient (they will do it!).

How is possible to "forbid" URL copy/pasting from one browser to another? With 
session + auth cookie tracking strategy (already suggested in this thread)?

> > 2) What is the actual way for "session expiration/login page"? There is
> > few tutorials and books on the inet - but info about session expiration is
> > obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> > Some trick with WAApplication subclass is actual?
> >
> > Thanks very much! pf
> >
> >
> 
> 
> -- 
> Mariano
> http://marianopeck.wordpress.com

Reply via email to