Here is a good example of session-hijacking. You use userreferenceargument and the user at a workstation opens up 2 instances of a browser and both looking at the same page.
You see where this can go... Ben Johansen - http://www.pcforge.com Authorized Witango & MDaemon Reseller Available for Witango Developement -----Original Message----- From: Stefan Gonick [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 13, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: Re: Witango-Talk: Cookies At 12:33 PM 10/13/2004, you wrote: >1. I have had userreferencearguments spidered. Don't recall if it was google >or another, but it was there. >2. the userreferenceargument is in the visitor's history. Had a case at a >non-witango site of going to a site in my history and having the session >cookie in the URL. When I got to the site, I was joined into a session with >another visitor and could see that person's order and credit card >information. I STILL don't understand why UserReferences from a week ago should lead to session hijacking. Wouldn't this UserReference have expired a long time ago? Wouldn't that result in creating a new UserReference? If not, wouldn't this be considered a bug? Stefan ===================================================== Database WebWorks: Dynamic web sites through database integration http://www.DatabaseWebWorks.com ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
