[plt-scheme] Are web-server continuations "safe"?
Eric Biunno
01rice at gmail.com
Tue Mar 4 09:27:42 EST 2008
In v371,
when I connect to a servlet from one client computer and receive a
continuation embedded into URL,
I can then invoke this continuation from another client computer without a
problem.
Is this what should happen? Does the development version behave the same
way? Is there a way to change this behavior?
Am I not understanding the proper use of web-server continuations?
I feel like this makes it easy to hijack a user's session, am I wrong?
Thanks,
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.cs.brown.edu/pipermail/plt-scheme/attachments/20080304/63a8524b/attachment.html
More information about the plt-scheme
mailing list