[cgiapp] Persistence

Mark Fuller azfuller at gmail.com
Wed Feb 6 17:11:18 EST 2008


> > > o Add the session id to the URL. This method has the most problems, and
> > > is not recommended.
> >
> > What are the problems with the last option? ...
>
> Google for XSS - Cross-site scripting attacks, as a starter.

I thought the problem with putting the session ID in the URL is that
the user might copy/paste the URL to others. When they try to use it,
the app would have no way to know it's not the real user?

Maybe I've misunderstood the original question?

Mark


More information about the cgiapp mailing list