Hi Steven, Yes, I had spoken about hijacking a user session; that's why in the blog I spoke about 2 examples of how it can be used... In one of them I said that one only has to put a hyperlink, because Hostflow does not use an IP filter and it will give the user's full session as the referrer URL, without any XSS.