[jboss-user] [JBoss Seam] - A simple security problem
jiangliu
do-not-reply at jboss.com
Mon Sep 3 22:26:51 EDT 2007
Hi guys,
I am having a simple example in my application.
In my xhtml page, I use:
to restrict certain parts of the page to be displayed to logged users.
I did notice that the URL after user's login has changed to:
http://blah.xxx.seam?cid=3
However, when I manually change the cid number, say for example, to 4 or 5 or 6, this page still displays. Should it only be displayed to the user who has the session of 3?
cheers!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4080691#4080691