Is there any personal privacy problem in session?

Here is a special situation:

A user logs in to my website and looks for some goods. My website tracks and lists the goods that were visited, by session id. If the user keys in another URL to go to another website and then leaves for a while (he forgets to close the browser)...

If someone else uses this browser and does some operation like pressing the "go back" button or reopening the URL from the history frame on the left side, can he find the goods list of the earlier user? (Because the URL includes the session id and the website's server has not deleted the session.) If he can, is this the same privacy problem as with cookies?

Do you have any ideas about resolving this problem? Or is it a tough problem that cannot be resolved?

Thank you all!

[760 byte] By [eingmarraa] at [2007-10-2 12:05:02]
# 1

It can be resolved by giving a very short session timeout lifespan, but that means the user has to be speedy in reading and navigating your pages.

You might give a primary and secondary session time-out. For example, give the user a login name/password.

Keep the session alive for 30 minutes or more (so user can go elsewhere without losing his stuff).

Have a value inside the session that keeps track of the last time the user visited any of your pages. If the time was longer than 2 minutes (5 minutes, you be the judge on what is reasonable), then the user has to use his login name/password to view the contents of his stuff.

stevejlukea at 2007-7-13 8:30:30
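
The primary/secondary timeout described in the reply above, sketched as a servlet filter. This is an added example, not code from the original thread. It assumes the `javax.servlet` API is on the classpath, and the attribute names, the `/login` path and the 5-minute idle threshold are hypothetical choices. The `Cache-Control` header is an addition beyond the reply, aimed at the Back-button case raised in the question.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Two-tier timeout: the container keeps the session (and the visited-goods
// list) for 30 minutes; a shorter idle window decides whether the browser
// must present the password again before that list is shown.
public class ReauthFilter implements Filter {
    static final int SESSION_TIMEOUT_SECONDS = 30 * 60;     // primary timeout
    static final long REAUTH_IDLE_MILLIS = 5 * 60 * 1000L;  // secondary timeout (assumed value)
    static final String LAST_SEEN = "lastSeenMillis";       // hypothetical attribute name
    static final String AUTHENTICATED = "authenticated";    // hypothetical, set TRUE by the login servlet
    static final String LOGIN_PATH = "/login";              // hypothetical login page

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (path.equals(LOGIN_PATH)) {          // never gate the login page itself
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);
        long now = System.currentTimeMillis();
        if (session != null) {
            session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);
            Long lastSeen = (Long) session.getAttribute(LAST_SEEN);
            if (lastSeen != null && now - lastSeen > REAUTH_IDLE_MILLIS) {
                // Idle too long: keep the session data, drop the login state.
                session.setAttribute(AUTHENTICATED, Boolean.FALSE);
                session.removeAttribute(LAST_SEEN);
            }
        }
        boolean ok = session != null
                && Boolean.TRUE.equals(session.getAttribute(AUTHENTICATED));
        if (!ok) {
            resp.sendRedirect(req.getContextPath() + LOGIN_PATH);
            return;
        }
        session.setAttribute(LAST_SEEN, Long.valueOf(now));
        // Keep the browser from redisplaying a cached copy via Back or history.
        resp.setHeader("Cache-Control", "no-store");
        chain.doFilter(rq, rs);
    }
}
```

The login servlet is expected to set the `authenticated` attribute to `Boolean.TRUE` only after checking the password; the goods list stays in the session across the re-login.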