Referer field with a session?

I’m wondering if it’s bad to send a Referer header with a session ID in it. After clicking through from Technorati I see this in the log:

http://www.technorati.com/cosmos/links.html?PHPSESSID=3b9ce4f8c96e4f66...

Doesn’t that make sessions really trivial to hijack? Or am I just paranoid? And don’t you love how the word “Referer” has been spelt incorrectly since like the dawn of time?
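As an added example that is not part of the original post, this is one way to check an access log for Referer values that carry a session ID and mask them before the log is stored or shared. The parameter-name list, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of parameter names that commonly carry a session ID in a URL.
SESSION_PARAMS = {"phpsessid", "jsessionid", "sessionid", "sid"}

# Tail of a "combined" format log line: "request" status bytes "referer" "agent"
LOG_TAIL = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def redact_referer(url):
    """Return (url_with_session_values_masked, names_of_leaking_parameters)."""
    parts = urlsplit(url)
    leaked, query = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_PARAMS:
            leaked.append(name)
            value = "REDACTED"
        query.append((name, value))
    # Servlet containers put the ID in the path instead: /cart;jsessionid=...
    path, hits = re.subn(r"(?i);(jsessionid)=[^;/]*", r";\1=REDACTED", parts.path)
    if hits:
        leaked.append("jsessionid")
    clean = urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), parts.fragment))
    return clean, leaked

def scan_log(lines):
    """Return [(line_number, redacted_referer, leaked_names)] for leaking lines only."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_TAIL.search(line.rstrip("\n"))
        if not match:
            continue
        clean, leaked = redact_referer(match.group("referer"))
        if leaked:
            findings.append((number, clean, leaked))
    return findings

# Constructed sample log lines (hosts and session values are made up).
SAMPLE = [
    '203.0.113.5 - - [23/Jun/2003:11:02:10 +0000] "GET /blog/ HTTP/1.1" 200 5120 '
    '"http://referrer.example/links.html?PHPSESSID=0123456789abcdef&q=x" "Mozilla/5.0"',
    '203.0.113.6 - - [23/Jun/2003:11:02:11 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Jun/2003:11:02:12 +0000] "GET /blog/ HTTP/1.1" 200 5120 '
    '"http://shop.example/cart;jsessionid=ABC123?item=4" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE):
        print(finding)
```
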

1 Comment »

  1. Ron said,

    June 23, 2003 @ 11:23 am

    I never noticed that before about the spelling mistake. It would be interesting to see if the fact that it was written into the HTTP standard has any long-term effect on the way we spell the word in a couple hundred years. I wonder why ‘they’ don’t change the spelling of that word in the HTTP standard… probably too much work or something.
