Serge Sozonoff wrote:
>
> Hello,
>
> >It will work fine, but the problem still remains that the
> >incoming page URL has the session-id in it, so that when you go
> >offsite, the referer header sent by the client has the client's
> >session id in it still, and the unethical webmaster could easily
> >then access the users sessions by looking at the referer logs.
>
> There is a little article about cookie-less sessions at:
>
> www.webdevelopersjournal.com/columns/stateful.html
>
Anything to help get through this mess, and come up with a
good solution, thanks Serge!
I read the article, and found it kind of funny that the author
thought that client side JavaScript was a better solution than
Cookies... which do you think get turned off more by end users ?
I bet its nearly equal, there are at least as many security issues
involving javascript as there are with cookies, and javascript
can be far more visibly intrusive.
Jamie, if you want to see our previous discussion here on
cookieless sessions, check out:
http://www.egroups.com/MessagesPage?listName=modperl&search=%22asp+cookieless+sessions%22
-- Joshua
_________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NodeWorks >> free web link monitoring Huntington Beach, CA USA
http://www.nodeworks.com 1-714-625-4051
