On Fri, Apr 30, 2010 at 10:12 AM, Ferran Fontcuberta <[email protected]> wrote: > On 29/04/10 09:20, Branko Vukelic wrote: >> >> There is very little a malicious visitor could do (directly to your >> session data) unless your server gets hacked. Sessions are stored in >> your machine, and the only thing passed to user is the session ID. On >> the other hand, session IDs can be manipulated in any number of ways, >> but it's also very difficult to do so. > > what about session hijacking? is webpy taking pills for it? :? > > thank you!
I think it does, though I haven't used web.py in a long while. -- Branko Vukelić [email protected] [email protected] Check out my blog: http://www.brankovukelic.com/ Check out my portfolio: http://www.flickr.com/photos/foxbunny/ Registered Linux user #438078 (http://counter.li.org/) I hang out on identi.ca: http://identi.ca/foxbunny -- You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
