[EMAIL PROTECTED] wrote:
Might be, the clients I work with are a self-selecting group. I mostly
work with apps concerned about security (financials, millitary,
health care, network management, etc).
Since the session id in the url by its very nature is not/cannot be
encrypted really what is the point of doing such a thing?
Since a session-identifier in a cookie is also not encrypted, I
see no difference in the security of the two implementations.
C
--
-------------------------------------------------------------------------
Chris Merrill | http://www.webperformanceinc.com
Web Performance Inc.
Website Load Testing and Stress Testing Software
-------------------------------------------------------------------------
_______________________________________________
Juglist mailing list
[email protected]
http://trijug.org/mailman/listinfo/juglist_trijug.org
