[dev] Fwd: [Bug 1246] New - session hijacking using referer URL

[Chuck Hagenbuch]

Quoting Salim Virani <me at salimvirani.com>:

> I'm humbly throwing this out there as a suggestion.  I'm not familiar
> with IMP3 code or this scenario in detail.  Is this a reasonable
> suggestion?

Not really - we don't use HTTP authentication in the first place, and the
password is only sent once when the user first logs in anyways...

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
The alligators were there, too, in a bathtub inside the house.