- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Tue, 8 May 2007 13:21:00 -0400
- To: Anil Saldhana <Anil.Saldhana@redhat.com>
- Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>

Hi Anil,

I haven't heard it mentioned before, but it seems like this would be a difficult piece of context to communicate to novice users, and also a difficult piece to programmatically identify in the first place, since a SID-in-URL could look like almost anything.

I think the real action/recommendation here is on web site developers to not use SID-in-URL, but that would seem to be well outside our scope.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

On 8-May-07, at 1:05 PM, Anil Saldhana wrote:

> Hi all,
> I am just wondering if ever this WG has come across requests to
> handle session fixation.
> http://en.wikipedia.org/wiki/Session_fixation
>
> Regards,
> Anil
>
> --
> Anil Saldhana
> JBoss Security & Identity Management
> http://labs.jboss.com/portal/jbosssecurity/

Received on Tuesday, 8 May 2007 17:21:14 UTC