Hi!
On Thu, Oct 11, 2001 at 08:01:58PM +0200, Gerald Richter wrote:
> > > Recently, I have noticed several threads of discussion around
> > > session management and I want to present an alternate mechanism
> > > for managing a user's session. I have built a simple alternative
> > > to using cookies or URL re-writing that seems SO simple that
> > > there must be something wrong with it.
If the session-ids are only used for user-tracking and not for logging
in, there are even more proxy caching issues with URL-based
session-ids than with cookies based session-ids, I guess that a
Content-Location would be useful in this case. (But EmbPerl pages
usually have dynamical content, so this probably isn't so important
here. :-)
> Embperl 1.3.4 will have something like this. It will give you the
> chance to use cookie based session id or URL based id's. It will
> even be possible that Embperl checks if cookies are supported and
> use URL based id only when cookies doesn't work.
How will the URL-based session-ids look like? IIRC there are three
possibilities: path based (as suggested here), query string based (as
usual) or hostname based (using wild card DNS records).
This last kind of session-ids is easier to strip off than path based
ones and I guess most people will do it, when they handle the URL
manually. (OK, but who manages bookmarks manually, like I do? ;-) Of
course it has nearly the same caching and cross-reference problems
like all URL based session-ids.
BTW: I remember there were some patent issues with host-header based
session-ids. I just have in mind, that fahrschule.de was an host which
practised host-header session-ids and Kristian Köhntopp as maintainer
of the phplib was looking for a proof that data in the host-header was
used before the patent was claimed. But I don't know anything about
the actual state. (Never heard of it again.) At least
www.fahrschule.de does no more use host-header based session-ids.
Regards, Axel
--
Axel Beckert - [EMAIL PROTECTED] - http://abe.home.pages.de/
Student of Computer Science, University of Saarland (Germany)
Artificial Intelligence Laboratory (AI Lab), Prof. Dr. W. Wahlster;
WWW-/FTP-Administrator IBFI Schloß Dagstuhl; Students Representative CS
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
