I've developed many e-commerce applications using the <@USERREFERENCEARGUMENT>, and never had a case of session hijacking.
The only way that can happen is if the session is live and the other user figured out the <@USERREFERENCEARGUMENT>. Of course, opening another browser window during the same session will have the same effect.
The WiTango server flushes the <@USERREFERENCEARGUMENT> when the session is no longer active. So, if the session is no longer active, then there's no way to link to that session, even if it is a static link from a search engine.
Rick
1. I have had userreferencearguments spidered. Don't recall if it was Google
or another, but it was there.
2. The userreferenceargument is in the visitor's history. Had a case at a
non-Witango site of going to a site in my history and having the session
cookie in the URL. When I got to the site, I was joined into a session with
another visitor and could see that person's order and credit card
information.
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
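Both cases reported in this thread (a spidered user reference, and a visitor joined to someone else's session from a URL) leave a trace in web server access logs. The following is an added example, not code from the thread or from Witango: it flags session tokens that appear in URLs from more than one client or from a crawler. The `_UserReference` parameter name, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not from the thread.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2004:10:01:02 +0000] "GET /shop/cart.taf?_function=view&_UserReference=A1B2C3D4E5F60718 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.23 - - [12/Mar/2004:10:04:40 +0000] "GET /shop/cart.taf?_function=view&_UserReference=A1B2C3D4E5F60718 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Gecko/20040206 Firefox/0.8"
192.0.2.77 - - [12/Mar/2004:10:09:13 +0000] "GET /shop/list.taf?_UserReference=0F9E8D7C6B5A4321 HTTP/1.0" 200 2048 "-" "ExampleBot/1.0 (+crawler)"
203.0.113.9 - - [12/Mar/2004:10:11:55 +0000] "GET /shop/list.taf?_UserReference=1122334455667788 HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Assumed name of the URL parameter that carries the session token.
TOKEN_RE = re.compile(r'[?&;]_UserReference=([^&;\s]+)', re.IGNORECASE)
# Rough crawler heuristic based on the User-Agent string.
BOT_RE = re.compile(r'bot|crawl|spider|slurp', re.IGNORECASE)


def find_shared_sessions(log_text):
    """Map each suspicious session token to the reasons it was flagged."""
    clients = defaultdict(set)  # token -> {(ip, user_agent), ...}
    for line in log_text.splitlines():
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue  # skip lines that are not in the expected format
        token = TOKEN_RE.search(entry["url"])
        if token:
            clients[token.group(1)].add((entry["ip"], entry["agent"]))

    findings = {}
    for token, seen in clients.items():
        reasons = []
        if len(seen) > 1:
            reasons.append("multiple clients")  # same token, different IP or browser
        if any(BOT_RE.search(agent) for _, agent in seen):
            reasons.append("crawler")  # a spider fetched a URL carrying a token
        if reasons:
            findings[token] = reasons
    return findings


if __name__ == "__main__":
    for token, reasons in find_shared_sessions(SAMPLE_LOG).items():
        print(token, ", ".join(reasons))
```

A token flagged for "multiple clients" can also be one visitor whose IP address changed mid-session, so treat a hit as a lead to review rather than proof of a shared session.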
