[plt-scheme] Are web-server continuations "safe"?

From: Eric Biunno (01rice at gmail.com)
Date: Tue Mar 4 09:27:42 EST 2008

In v371,
when I connect to a servlet from one client computer and receive a
continuation embedded into URL,
I can then invoke this continuation from another client computer without a
Is this what should happen? Does the development version behave the same
way? Is there a way to change this behavior?
Am I not understanding the proper use of web-server continuations?
I feel like this makes it easy to hijack a user's session, am I wrong?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20080304/63a8524b/attachment.html>

Posted on the users mailing list.