[imp] Fwd: Chuck, what am I doing wrong? Why won't anyone respond to this question?
Magnus Nordseth
magnus at ntnu.no
Wed Aug 11 04:49:28 PDT 2004
John Schneider:
>
> It appears that this would mean a user could potentially bookmark the site
> at an inappropriate time and depending on other circumstances, possibly gain
> unauthorized access to other mailboxes. Is this a correct assumption? If so,
> is there a way to prevent this? (Perhaps javascript code to prevent
> bookmarking when a session is present in the URL?)
I solved this problem by forcing cookies (i.e. session.use_only_cookies 1 in
php.ini or .htaccess).
Unfortunately, a user with cookies disabled will get a message saying
'session timed out', but I think it is a reasonable sacrifice. Maybe this
could be integrated to imp config, combined with a function that checks if
the user accepts cookies?
--
Magnus Nordseth
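
One way to combine cookie-only sessions with the cookie check suggested above, as an added example (not code from this post or from IMP). The names `browser_accepts_cookies`, `cookie_probe` and `cookie_check` are hypothetical.

```php
<?php
// Added example: hypothetical helper and cookie names, not IMP/Horde code.

// Accept session IDs from cookies only, never from the URL. This is the
// runtime equivalent of "session.use_only_cookies 1" in php.ini/.htaccess.
ini_set('session.use_only_cookies', '1');
// Also stop PHP from rewriting links to carry the session ID.
ini_set('session.use_trans_sid', '0');

const PROBE_COOKIE = 'cookie_probe';  // hypothetical probe cookie name
const PROBE_PARAM  = 'cookie_check';  // hypothetical "already probed" marker

/**
 * Returns true if the browser sends cookies back, false if it does not.
 * On the first request it sets a probe cookie and redirects once to itself.
 */
function browser_accepts_cookies(): bool
{
    if (isset($_COOKIE[PROBE_COOKIE])) {
        return true;                  // probe came back: cookies work
    }
    if (isset($_GET[PROBE_PARAM])) {
        return false;                 // probed already, cookie was not returned
    }
    setcookie(PROBE_COOKIE, '1', 0, '/');
    // Redirect to the script's own path (SCRIPT_NAME, not client-supplied
    // REQUEST_URI) so the Location target cannot be steered off-site.
    header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?' . PROBE_PARAM . '=1', true, 302);
    exit;
}

if (!browser_accepts_cookies()) {
    // Say what is actually wrong instead of a misleading "session timed out".
    http_response_code(403);
    echo 'Cookies are required to log in. Please enable them and reload.';
    exit;
}

// Only reached when cookies work; the session ID never appears in a URL,
// so a bookmarked or shared link cannot carry someone's session.
session_start();
```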