Hi Is there a way to validate the session id?
How do I deal with a situation where a user logged in and found something interesting on my site and decided to give the URL address (with jsessionid) of the page to his/her friend? Since the URL has the session id of the sender, the receiver clicks on the link and will have access to the sender account details. How does Amazon.com solve this problem? Their URL addresses always have the session id. If I go to Amazon.com and copy and paste the URL address to a new browser, their system will give me a new session id. Thanks --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
