Private WResource question

Added by Emeric Poupon almost 11 years ago

Hello,

I'm using whttpd to serve HTTP connections.

Once the user gets logged in, he has access to sensitive resources, for example images.

I'm creating a WImage widget and set a WMemoryResource on it.

If I open the image in a new browser tab, I can see a URL encoded like this:

https://MYIP/?wtd=DDZUR07wZfkL0eBl&request=resource&resource=oflqeh4&rand=17

(btw the link works)

In the logs:

MY OTHER IP - - [2014-Aug-03 12:50:33.536266] "GET /?wtd=DDZUR07wZfkL0eBl&request=resource&resource=oflqeh4&rand=17 HTTP/1.1" 200 59392

[2014-Aug-03 12:50:33.536326] 5799 - [info] "WebRequest: took 3.612ms"

If I copy/paste this URL on another computer/another browser, the link is still valid.

In the logs:

[2014-Aug-03 12:53:26.343053] 5799 - [error] "wthttp/async: remote_endpoint() threw: remote_endpoint: Transport endpoint is not connected"

192.168.10.10 - - [2014-Aug-03 12:53:38.001148] "GET /?wtd=DDZUR07wZfkL0eBl&request=resource&resource=oflqeh4&rand=17 HTTP/1.1" 200 59392

[2014-Aug-03 12:53:38.001193] 5799 - [info] "WebRequest: took 1.222ms"

I thought these private resources were tied to the specific TCP connection that was used to create them?

Regards,

Emeric


Replies (1)

RE: Private WResource question - Added by Koen Deforche almost 11 years ago

Hey,

The session id is considered a session-specific secret.

There is no reliable way to take into account IP or TCP information.

Regards,

Koen
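
The behaviour discussed in this thread can be monitored from the server side. The following is an added example, not part of the original posts and not Wt code: it parses access-log lines in the shape quoted above and reports any `wtd` session id that was served to more than one client address. The function names and the sample addresses (substituted for the redacted one) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Access-log line shape as quoted in the thread:
# CLIENT - - [TIMESTAMP] "METHOD TARGET HTTP/x.y" STATUS SIZE
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+)$'
)

# Constructed sample: request lines follow the thread's format; the first
# address and the second session id are made up for the example.
SAMPLE_LOG = """\
203.0.113.7 - - [2014-Aug-03 12:50:33.536266] "GET /?wtd=DDZUR07wZfkL0eBl&request=resource&resource=oflqeh4&rand=17 HTTP/1.1" 200 59392
[2014-Aug-03 12:50:33.536326] 5799 - [info] "WebRequest: took 3.612ms"
192.168.10.10 - - [2014-Aug-03 12:53:38.001148] "GET /?wtd=DDZUR07wZfkL0eBl&request=resource&resource=oflqeh4&rand=17 HTTP/1.1" 200 59392
198.51.100.4 - - [2014-Aug-03 12:54:02.000000] "GET /?wtd=CONSTRUCTEDid0001&request=resource&resource=abc&rand=3 HTTP/1.1" 200 1024
198.51.100.4 - - [2014-Aug-03 12:54:05.000000] "GET /?wtd=CONSTRUCTEDid0001&request=resource&resource=abc&rand=4 HTTP/1.1" 200 1024
""".splitlines()

def parse_line(line):
    """Return (client, wtd, status), or None for non-access lines and requests without wtd."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    wtd = parse_qs(urlsplit(m["target"]).query).get("wtd", [None])[0]
    if wtd is None:
        return None
    return m["ip"], wtd, int(m["status"])

def sessions_with_multiple_clients(lines):
    """Map each wtd that was served (status < 400) to more than one client
    address onto those addresses, in first-seen order."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, wtd, status = rec
        if status < 400 and client not in seen[wtd]:
            seen[wtd].append(client)
    return {wtd: clients for wtd, clients in seen.items() if len(clients) > 1}

if __name__ == "__main__":
    for wtd, clients in sessions_with_multiple_clients(SAMPLE_LOG).items():
        # The session id is the secret, so the report shows only a prefix.
        print(f"session {wtd[:4]}... served to {len(clients)} addresses: {clients}")
```

A hit is a prompt for review rather than proof of misuse: as the reply says, address information is not reliable, and one client can legitimately show up under several addresses.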
