Yes, they are in the URI, you can see in the log:

_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62

Remove userreference from URI, and only use cookies.

--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Jun 1, 2006, at 8:35 PM, William M Conlon wrote:

Are the userref's in the URI?  That would allow them to be shared.

Look in the archive on session hijacking.


On Jun 1, 2006, at 7:37 PM, GEzra wrote:

Hello all!

I looked at my Witango log today and it seems like the same userreference was assigned to two different users, seconds apart while both were accessing diff. apps.

What's so odd is that the server address of xxx.xxx.xxx.xxx is being logged as the client's IP. How can this be?


01/06/2006 14:27:19 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25272320 1 1 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=58FA321F03B02D3E447F5B62
01/06/2006 14:27:44 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25310208 1 0 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=58FA321F03B02D3E447F5B62


Any ideas?

thanks,
Ezra
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

Bill

William M. Conlon, P.E., Ph.D.
To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306
   vox:  650.327.2175 (direct)
   fax:  650.329.8335
mobile:  650.906.9929
e-mail:  mailto:[EMAIL PROTECTED]
   web:  http://www.tothept.com
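
An added example, not part of the original thread: a Python check that scans log lines in the layout quoted above for `_UserReference` values carried in the request arguments and flags any value presented by more than one client/user pair. The field positions, sample addresses, users and reference values are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines in the layout quoted in the thread. Addresses, users
# and reference values are made up; field positions are an assumption.
SAMPLE_LOG = """\
01/06/2006 14:27:19 192.0.2.10 alice@example.test 25272320 1 1 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=AAAA1111BBBB2222CCCC3333
01/06/2006 14:27:44 192.0.2.10 bob@example.test 25310208 1 0 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=AAAA1111BBBB2222CCCC3333
01/06/2006 14:28:02 192.0.2.77 carol@example.test 25310300 1 0 [Application File] START /apps/menu.taf WitangoServer _function=show&_UserReference=DDDD4444EEEE5555FFFF6666
01/06/2006 14:28:30 192.0.2.77 carol@example.test 25310411 1 0 [Application File] START /apps/menu.taf WitangoServer _function=list
"""

PARAM = "_UserReference"


def refs_in_uri(log_text):
    """Map each _UserReference found in request arguments to its sightings."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        # Assumed layout: date, time, client IP, user, ..., request arguments last.
        if len(fields) < 5 or "=" not in fields[-1]:
            continue
        date, time, ip, user = fields[:4]
        for ref in parse_qs(fields[-1]).get(PARAM, []):
            seen[ref].append((f"{date} {time}", ip, user))
    return dict(seen)


def shared_refs(log_text):
    """Return references presented by more than one (client IP, user) pair."""
    shared = {}
    for ref, sightings in refs_in_uri(log_text).items():
        # Key on IP and user together: in the thread both requests logged the same IP.
        clients = sorted({(ip, user) for _, ip, user in sightings})
        if len(clients) > 1:
            shared[ref] = clients
    return shared


if __name__ == "__main__":
    for ref, sightings in refs_in_uri(SAMPLE_LOG).items():
        print(f"{PARAM} exposed in URI: {ref} ({len(sightings)} request(s))")
    for ref, clients in shared_refs(SAMPLE_LOG).items():
        print(f"shared by {len(clients)} clients: {ref} -> {clients}")
```

Once the reference is carried only in a cookie, `refs_in_uri` should return an empty result for new log entries.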
