[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modules
Subject:    [apache-modules] how to derefer
From:       Christian Parpart <cparpart () surakware ! net>
Date:       2003-06-14 11:44:36
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi all,

I am writing a module where the webclient can put his own URLs at runtime onto 
the HTML sites published by this module. The problem now is, that each user 
of course has it's own session id, passed via URL arguments (?foo=bar&x=y).
Now, if such a webclient user would click on this (or other) links they would 
also leave their "Referer" header onto the access_log file of the foreign 
server. This is to be prevented since this would be a way to hijack this 
session. 

Now, I've read/heard alot about dereferer, but how to write them? how do they 
really work? *IS* there a way to write it directly in my apache module?

Thanks in advance,
Christian Parpart.

- -- 
 13:39:48 up 25 days,  4:58,  1 user,  load average: 0.00, 0.00, 0.00
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+6wqoPpa2GmDVhK0RAqkwAJ4k3H5ey4Hek22Rkh/sxUAZ8BsolgCfc3P5
GfVicGmAnn1QRPGr2VW5GkQ=
=Zh14
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: apache-modules-unsubscribe@covalent.net
For additional commands, e-mail: apache-modules-help@covalent.net


[prev in list] [next in list] [prev in thread] [next in thread]