At 12:33 PM 10/13/2004, you wrote:
1. I have had userreferencearguments spidered. Don't recall if it was google or another, but it was there. 2. the userreferenceargument is in the visitor's history. Had a case at a non-witango site of going to a site in my history and having the session cookie in the URL. When I got to the site, I was joined into a session with another visitor and could see that person's order and credit card information.
I STILL don't understand why UserReferences from a week ago should lead to session hijacking. Wouldn't this UserReference have expired a long time ago? Wouldn't that result in creating a new UserReference? If not, wouldn't this be considered a bug?
Stefan
=====================================================
Database WebWorks: Dynamic web sites through database integration
http://www.DatabaseWebWorks.com
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
