The simplest protection from "one-click attack" is not to use cookies. So,
if you're concerned about real security of your stuff, stop using the Session
object and develop your own session. It's easy, takes a bit more processing
on the server (normally about 0.001 seconds more) but it's worth it. I'm
not using Session in any of my apps and I don't care about 90% of
security threats. Use parameterized SQL calls and another 5% will go away.
XSS (cross-site scripting) comes next to "one-click". All those "techniques"
used to screw up your work are well described on the Net - use Google or
something to find related info.

"Henri" <hm********@hotmail.com> wrote in message
news:ur**************@TK2MSFTNGP10.phx.gbl...
and what is the "one click attack" that it is said to prevent?
I've tried to use it but it seems that there is no visible change in the
source code...
Thanks
Henri
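
The following is an added example, not code from either poster: a toy Python model of the reply's point that a session identifier carried in the page itself (a hidden form field) does not accompany a forged cross-site POST, while a cookie does. All names (`issue_token`, `verify_token`, `handle_post`, the `sid` field) and the sample requests are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key

def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    """Signed session token the server writes into each page it renders."""
    ts = int(now if now is not None else time.time())
    payload = f"{user}|{ts}|{secrets.token_hex(8)}"
    return f"{payload}|{_mac(payload)}"

def verify_token(token, max_age=1200, now=None):
    """Return the user for a valid, unexpired token, otherwise None."""
    try:
        user, ts, nonce, mac = token.split("|")
        age = (now if now is not None else time.time()) - int(ts)
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    if not hmac.compare_digest(mac, _mac(f"{user}|{ts}|{nonce}")):
        return None  # tampered or signed with another key
    return user if 0 <= age <= max_age else None

def handle_post(form, cookies, use_cookie_session):
    """Toy handler: which user does the server attribute this POST to?"""
    if use_cookie_session:
        # The browser attaches cookies to every request for the site,
        # including one triggered by a page on another origin.
        return verify_token(cookies.get("sid"))
    # Only forms the server itself rendered contain the hidden sid field.
    return verify_token(form.get("sid"))

def demo():
    token = issue_token("alice")
    jar = {"sid": token}               # victim's cookie jar (constructed)
    forged = {"amount": "100"}         # cross-site form: no hidden field
    legit = {"amount": "100", "sid": token}
    return {
        "cookie_session": handle_post(forged, jar, True),
        "form_token_forged": handle_post(forged, jar, False),
        "form_token_legit": handle_post(legit, jar, False),
    }

if __name__ == "__main__":
    print(demo())
```

If the token is carried in the URL rather than a POST field, it can leak through Referer headers, logs and shared links, so a hidden field or request header is the safer carrier.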