Session hijacking in Alt-N's MDaemon 2.8

Hi, Here's a bugreport and a fix for MDaemon 2.8. Problem: It is possible to hijack an HTTP session from MDaemon / WorldClient Standard version 2.8 Description: MDaemon 2.8 comes with WorldClient Standard which allows you to read your mail using a browser. When you receive an HTML formatted page...