[thesite] Hijacking prevention...
jeff
jeff at members.evolt.org
Sun Dec 3 11:43:32 CST 2000
joshua,
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: Joshua OIson
:
: Was any sort of session hijacking prevention
: method installed on evolt this go-around? That
: could, potentially, cause problems with autovalidators
: examining urls with cfid and cftoken. Just a thought,
: though I'm not sure you even put one on.
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
there isn't any session hi-jacking prevention in place at this time. it's
assumed that if you paste a url from the site while you're logged in and
tokens are appended that you intended to share you session with whom you're
sharing the url.
if you're logged in with a persistent login then you don't need to worry
about it as tokens are not appended.
i believe the problem is that none of the urls on the site point at any
actual documents on the server. for whatever reason, other servers see that
and report it as a 404, even though our server will still serve up a
document. very odd. i discovered the same problem occurs on the sites
we've built at alphashop using this technique so it's not isolated to linux.
i wonder what search engines will think? crawl or 404?
thanks,
.jeff
name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org
More information about the thesite
mailing list