It expires after 30 minutes of inactivity. The <@USERREFERENCEARGUMENT> stays assigned for the same amount of time as a variable in the user scope, unless you've specified another timeout.
Right now, I have a 20-minute timeout on my server.
If you go to the following link, you should see a Listening Device in the shopping cart. This is because I just started the session:
http://eshopper.webenergy-sw.com/maintaf.taf?_function=viewbasket&_UserReference=9A0F4D5EA7EDD251416D63AD
However, after 20 minutes, the session will no longer be there.
A good test would be for you to go to the main page, http://eshopper.webenergy-sw.com, add an item to the cart, then click "View Cart". Don't bookmark the Add to cart link, or you'll actually add the item, so the item will be there because you added it.
Then, bookmark it and go back after 20 mins and see if the session is still there!
Rick
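
The inactivity timeout described above, modelled as an added example (not Witango code and not part of the original post): because the reference travels in the URL, every request that replays the link restarts the idle clock, so an old link can still resolve to a live session. `SessionStore`, `survives` and the 8-hour `ABSOLUTE_LIFETIME` cap are assumptions made for illustration.

```python
import secrets

IDLE_TIMEOUT = 20 * 60             # seconds; the 20-minute server setting mentioned above
ABSOLUTE_LIFETIME = 8 * 60 * 60    # assumption: an added hard cap, not a setting from this thread


class SessionStore:
    """Toy model of a session table keyed by a URL-carried reference."""

    def __init__(self, absolute_cap=None):
        self.absolute_cap = absolute_cap
        self.sessions = {}  # ref -> {"created", "last_seen", "cart"}

    def create(self, now):
        ref = secrets.token_hex(12).upper()  # constructed value, 24 hex characters
        self.sessions[ref] = {"created": now, "last_seen": now, "cart": []}
        return ref

    def lookup(self, ref, now):
        """Return the session for ref, or None if it is unknown or expired."""
        s = self.sessions.get(ref)
        if s is None:
            return None
        idle_expired = now - s["last_seen"] > IDLE_TIMEOUT
        cap_expired = (self.absolute_cap is not None
                       and now - s["created"] > self.absolute_cap)
        if idle_expired or cap_expired:
            del self.sessions[ref]
            return None
        s["last_seen"] = now  # any request carrying the reference restarts the idle clock
        return s


def survives(store, hit_interval, total_time):
    """Create a session, replay its URL every hit_interval seconds (bookmark,
    forwarded link, crawler) and report whether it is still valid at total_time."""
    ref = store.create(now=0)
    store.lookup(ref, 0)["cart"].append("Listening Device")
    t = hit_interval
    while t < total_time:
        store.lookup(ref, t)
        t += hit_interval
    return store.lookup(ref, total_time) is not None
```

With only the idle timeout, a link that is hit every 15 minutes is still valid a week later; the absolute cap ends the session regardless of how often the link is replayed.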
Hi Stefan,
Who knows if it ever expired?
Personally, I think the bug is using <@USERREFERENCEARGUMENT>, period.
Just remove it - and more than one problem is solved.
-----Original Message-----
From: Stefan Gonick <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 13 Oct 2004 12:58:56 -0400
Subject: Re: Witango-Talk: Cookies
What kind of factor can lead to the resurrection of an expired session?
Stefan
At 01:04 PM 10/13/2004, you wrote:
>Hi Stefan,
>
> > I STILL don't understand why UserReferences from a week ago should
> > lead to session hijacking. Wouldn't this UserReference have expired a
> > long time ago? Wouldn't that result in creating a new UserReference?
> > If not, wouldn't this be considered a bug?
>
>There can be more than one factor involved with why this can happen, and
>therefore hard to eliminate.
>
>Keep in mind this problem plagues more web development platforms than just
>Witango.
>
>This is more of a flaw in the Internet "architecture" brought about by the
>addition of user "convenience" - but that convenience is superseded now by
>security concerns.
>
>Basically, in my opinion - just don't use <@USERREFERENCEARGUMENT> for any
>reason.
>
>Hope this is helpful. Cheers....
>
> > Stefan
> >
> > =====================================================
> > Database WebWorks: Dynamic web sites through database integration
> > http://www.DatabaseWebWorks.com
> >
> > ________________________________________________________________________
> > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
>
>________________________________________________________________________
>TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
=====================================================
Database WebWorks: Dynamic web sites through database integration
http://www.DatabaseWebWorks.com

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
