[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050826094000.1e3e3b48.gstewart@spamcop.net>
Date: Fri, 26 Aug 2005 09:40:00 +0200
From: Godwin Stewart <gstewart@...mcop.net>
To: Niels Bakker <niels-bugtraq@...ker.net>
Cc: bugtraq@...urityfocus.com, gillettdavid@...a.edu,
boonstoppel@...il.com
Subject: Re: unload event in ie/mozilla/opera
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 25 Aug 2005 00:31:28 +0200, Niels Bakker <niels-bugtraq@...ker.net>
wrote:
> * gillettdavid@...a.edu (David Gillett) [Thu 25 Aug 2005, 00:02 CEST]:
> > What's worse, some browsers interpret "close the browser" to trigger
> >the onunload() method, and that's just wrooong.
>
> Not that wrong, the website author could want to clear a session cookie
> or similar.
If it's a session cookie then it'll die automatically when the browser
closes down. No need to clear it.
There are many useful features of browsers (and other software - remember
when it used to be a kindness to leave an MTA as an open relay and
considered rude not to?) that have had to be deactivated because of abuse by
scum such as spammers. Firing up the onUnload event on window/browser
shutdown is one that should be added to that list IMO.
- --
G. Stewart - gstewart@...mcop.net
Maintainer's Motto:
If we can't fix it, it ain't broke.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDDsdQK5oiGLo9AcYRAvQxAJ9YKaw2iCsoBrKtWbS5CbUg5k8yaACgkplF
Sexe+P8SsRj1qiNhDIdYll8=
=4lWX
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists