As long as the session has been kept alive, the userrefernce session will be active, regardless if the link was pasted into anew window, or linked from a search engine.
If the session has timed out because of inactivity, then when you go back to the site you cart will be empty because the session timed out. No security risk.
The security risk is if someone takes the active session link and pastes it somewhere, or many visitors have come through that link, then the session is still alive. Then, anyone can continue that session.
Rick
You just demonstrated how to have a flash mob session.
I hit your link and increased the number of items in your shopping cart. The
session just got a new lease on life. If people keep hitting it at short
enough intervals, the session will continue for a long long time.
How 'bout placing your credit card number in there?
On 10/13/04 10:26 AM, "Rick Sanders" <[EMAIL PROTECTED]> wrote:
It expires after 30 minutes of inactivity. The <@USERREFERENCEARGUMENT>
stays assigned for the same amount of time as a variable in the user scope.
Unless you've specified another timeout.
Right now, I have a 20-minute timeout on my server. If you go to the following link, you should see a Listening Device in the shopping cart. This is because I just started the session: http://eshopper.webenergy-sw.com/maintaf.taf?_function=viewbasket&_UserReferen ce=9A0F4D5EA7EDD251416D63AD
However, after 20 minutes, the session will no longer be there.
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
