On 10 Aug 2006, at 11:15, uselpa wrote:

> spacedman wrote:
>> /foo/bar/info?session_id=0873556323
>>
>> BUT if anyone gets that URL they get that person's session. Which is a
>> BAD thing. So don't do that.
>
> Unless you check that the IP from which the request is coming is the
> same IP from which the initial request came.

Which limits the potential session thieves to the people on my local network, but it’s still just as bad (especially considering public wifi areas, etc.).

Cheers.

--
Antonio
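The exchange above, as an added example that is not part of the original thread or of Django's own code: a session check pinned to the creating IP still accepts any client that shares the owner's NAT egress address. The `IpBoundSessions` class, the NAT table and all addresses are constructed for illustration.

```python
import secrets

# Constructed NAT table: private client address -> public address the server sees.
NAT_EGRESS = {
    "192.168.1.10": "203.0.113.7",   # session owner on a shared Wi-Fi network
    "192.168.1.23": "203.0.113.7",   # another client on the same network
    "10.8.0.5": "198.51.100.20",     # client on an unrelated network
}


class IpBoundSessions:
    """Hypothetical session store that pins each session to the creating IP."""

    def __init__(self):
        self._owner_ip = {}  # session_id -> source IP seen at creation

    def create(self, source_ip):
        session_id = secrets.token_urlsafe(16)
        self._owner_ip[session_id] = source_ip
        return session_id

    def is_valid(self, session_id, source_ip):
        # The server can only compare the post-NAT source address.
        bound_ip = self._owner_ip.get(session_id)
        return bound_ip is not None and bound_ip == source_ip


def replay_results():
    """Present one session URL from each client; return who the check accepts."""
    store = IpBoundSessions()
    session_id = store.create(NAT_EGRESS["192.168.1.10"])
    url = f"/foo/bar/info?session_id={session_id}"  # URL shape from the thread
    presented = url.split("session_id=", 1)[1]
    return {
        client: store.is_valid(presented, public_ip)
        for client, public_ip in NAT_EGRESS.items()
    }


if __name__ == "__main__":
    for client, accepted in replay_results().items():
        print(f"{client:>13} -> {'accepted' if accepted else 'rejected'}")
```

The IP check rejects only the client on the unrelated network; the two clients behind the same public address are indistinguishable to the server.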