Hi Stefan,

Like I mentioned, there can be more than one reason why the session may still be alive - aside from spiders.

Consider Ian's post - yes, the session is long expired, but two or more people have just clicked on the same search engine link and have now started a new shared session because they all have the "same" session ID from the link - note the undesirable results.

Thank you Ian for putting it so well.

The reasons, circumstances and arguments are numerous - why put your business at so much risk?

Remove the <@USERREFERENCEARGUMENT> metatag from your code.

Have a nice day....

Scott Cadillac,
XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
------------
Well-formed Programming in C# ASP.NET, Witango and XML
For Hire ~ http://xmlx.ca/forhire
------------
IExtranet ~ http://IExtranet.net
------------
Weblog ~ http://xmlx.ca
Forums ~ http://forums.xmlx.ca
Knowledge Base ~ http://kb.xmlx.ca
------------
P.O. Box 69006 RPO Bridlewood SW
Calgary, Alberta Canada T2Y 4T9

-----Original Message-----
From: Stefan Gonick <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 13 Oct 2004 13:17:00 -0400
Subject: Re: Witango-Talk: Cookies

> Hi Scott,
>
> Forgive me if I find this explanation less than satisfying. :)
> If sessions typically expire after 30 minutes of inactivity,
> then spidered sessions would extremely likely have expired
> by the time someone has clicked on the link. Am I missing
> something here?
>
> Stefan
>
> At 01:10 PM 10/13/2004, you wrote:
> >Hi Stefan,
> >
> >Who knows if it ever expired?
> >
> >Personally, I think the bug is using <@USERREFERENCEARGUMENT> period.
> >
> >Just remove it - and more than one problem is solved.
> >
> >-----Original Message-----
> >From: Stefan Gonick <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Date: Wed, 13 Oct 2004 12:58:56 -0400
> >Subject: Re: Witango-Talk: Cookies
> >
> > > What kind of factor can lead to the resurrection of an expired
> > > session?
> > >
> > > Stefan
> > >
> > > At 01:04 PM 10/13/2004, you wrote:
> > > >Hi Stefan,
> > > >
> > > > > I STILL don't understand why UserReferences from a week ago should
> > > > > lead to session hijacking. Wouldn't this UserReference have expired
> > > > > a long time ago? Wouldn't that result in creating a new
> > > > > UserReference? If not, wouldn't this be considered a bug?
> > > >
> > > >There can be more than one factor involved with why this can happen,
> > > >and therefore hard to eliminate.
> > > >
> > > >Keep in mind this problem plagues more web development platforms than
> > > >just Witango.
> > > >
> > > >This is more of a flaw in the Internet "architecture" brought about by
> > > >the addition of user "convenience" - but that convenience is superseded
> > > >now by security concerns.
> > > >
> > > >Basically, in my opinion - just don't use <@USERREFERENCEARGUMENT> for
> > > >any reason.
> > > >
> > > >Hope this is helpful. Cheers....
> > > >
> > > > > Stefan
> > > > >
> > > > > =====================================================
> > > > > Database WebWorks: Dynamic web sites through database integration
> > > > > http://www.DatabaseWebWorks.com

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
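
The scenario Scott describes above, modelled as an added example (not code from the thread and not Witango's implementation): a server that adopts whatever session ID arrives in the URL puts two visitors from the same indexed link into one session, while a server that honours only a cookie-carried, server-issued ID does not. `SessionStore`, `resolve` and the sample ID are hypothetical names and constructed values.

```python
import secrets

SESSION_TTL = 30 * 60  # seconds; the 30 minutes of inactivity quoted in the thread


class SessionStore:
    """Toy in-memory session table (assumption: a simplified model of the behaviour
    described in the post, not Witango's real session handling)."""

    def __init__(self, accept_url_id):
        self.accept_url_id = accept_url_id  # True: IDs carried in the URL are honoured
        self.sessions = {}                  # session id -> {"last_seen", "data"}

    def _live(self, sid, now):
        rec = self.sessions.get(sid)
        return rec is not None and now - rec["last_seen"] < SESSION_TTL

    def resolve(self, url_sid=None, cookie_sid=None, now=0.0):
        """Return the session ID the server will use for this request."""
        supplied = cookie_sid or (url_sid if self.accept_url_id else None)
        live = supplied is not None and self._live(supplied, now)
        if live or (supplied and self.accept_url_id):
            sid = supplied                  # weak mode: expired ID is reborn as supplied
        else:
            sid = secrets.token_hex(16)     # server-chosen ID, never client-chosen
        if not live:
            self.sessions[sid] = {"last_seen": now, "data": {}}
        self.sessions[sid]["last_seen"] = now
        return sid


def two_visitors_share_session(store, indexed_sid, now=0.0):
    """Two cookie-less visitors follow the same stale indexed link a minute apart."""
    first = store.resolve(url_sid=indexed_sid, now=now)
    store.sessions[first]["data"]["cart"] = ["first visitor's order"]
    second = store.resolve(url_sid=indexed_sid, now=now + 60)
    return first == second and "cart" in store.sessions[second]["data"]


INDEXED_SID = "A1B2C3D4E5F6"  # constructed sample ID, as found in a crawled URL
print("URL ID accepted :", two_visitors_share_session(SessionStore(True), INDEXED_SID))
print("cookie-only IDs :", two_visitors_share_session(SessionStore(False), INDEXED_SID))
```

The first visitor re-creates the expired ID, so the second arrives within the timeout and finds a live session; the 30-minute expiry only protects the link while nobody is using it.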
