On 10/13/04 9:38 AM, "Stefan Gonick" <[EMAIL PROTECTED]> wrote:
> At 12:33 PM 10/13/2004, you wrote:
>
>> 1. I have had userreferencearguments spidered. Don't recall if it was Google
>> or another, but it was there.
>> 2. The userreferenceargument is in the visitor's history. Had a case at a
>> non-witango site of going to a site in my history and having the session
>> cookie in the URL. When I got to the site, I was joined into a session with
>> another visitor and could see that person's order and credit card
>> information.
>
>
> I STILL don't understand why UserReferences from a week ago should
> lead to session hijacking. Wouldn't this UserReference have expired a long
> time ago? Wouldn't that result in creating a new UserReference? If not,
> wouldn't this be considered a bug?
>
> Stefan
I believe the way it works is that if you have cookies off and enter with a
userreferenceargument, you'll be in the session with that self-assigned
value.
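
Added example, not part of the original messages and not Witango code: a minimal Python session table contrasting the behaviour described in the reply above (any identifier presented in the URL is adopted) with a lookup that honours only unexpired identifiers the server itself issued, which is what Stefan's question expects. The class, method names and timeout value are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Toy server-side session table keyed by the ID carried in the URL."""

    def __init__(self, ttl=1800, clock=time.time):
        self._ttl = ttl        # idle timeout in seconds (assumed value)
        self._clock = clock    # injectable so expiry can be exercised in tests
        self._sessions = {}    # session id -> {"expires": float, "data": dict}

    def _create(self, sid):
        self._sessions[sid] = {"expires": self._clock() + self._ttl, "data": {}}
        return sid

    def data(self, sid):
        return self._sessions[sid]["data"]

    def resolve_permissive(self, presented):
        """Adopts whatever value arrives, as the reply describes."""
        if not presented:
            return self._create(secrets.token_urlsafe(32))
        if presented not in self._sessions:
            return self._create(presented)   # client-chosen ID becomes a session
        return presented                     # expiry is never checked

    def resolve_strict(self, presented):
        """Honours only IDs this server issued and that have not expired."""
        record = self._sessions.get(presented) if presented else None
        now = self._clock()
        if record is not None and record["expires"] > now:
            record["expires"] = now + self._ttl   # sliding idle timeout
            return presented
        self._sessions.pop(presented, None)       # drop the stale record, if any
        return self._create(secrets.token_urlsafe(32))
```

The strict lookup still accepts a leaked identifier while its session is live, so it narrows the exposure from links in history or search indexes to the idle-timeout window rather than removing it.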