On 11 Oct 99 15:05:23 +0100, you wrote:
>I was actually looking at a PerlTransHandler that I'd drop into
>my site-wide files that would do something like the following:
>
> my $uri = $r->uri;
> if ($uri =~ s#/@@(\d+)@@/#/#) {
> $session = $1;
> $r->uri($uri);
> $r->header(Session => $session);
> }
>
>This way, a session ID could be generated of the form
>
> /some/path/@@123456@@/foo/bar.html
>
But isn't the problem then that if the user cuts & pastes the URL for
someone else to use (e.g. mails it to someone), they're also then passing
on their authentication?
Doesn't this also mean you can only have links from sessioned pages ->
non-sessioned pages or sessioned pages -> sessioned pages and not
non-sessioned pages -> sessioned pages. I'd classify a non-sessioned page
as a static HTML page.
Have I missed something here?
Jamie
___________________________________________________________________________
Jamie O'Shaughnessy e-mail: [EMAIL PROTECTED]
Oracle Designer Development phone : +44 118 92 45052
______________________________________________________ __ __ _ __ . __
Statements and opinions are my own and not those of... (__)|-</-\(__ |__(-_
