Hello, >It will work fine, but the problem still remains that the >incoming page URL has the session-id in it, so that when you go >offsite, the referer header sent by the client has the client's >session id in it still, and the unethical webmaster could easily >then access the users sessions by looking at the referer logs. There is a little article about cookie-less sessions at: www.webdevelopersjournal.com/columns/stateful.html Serge !--------------------------------------! ! Serge Sozonoff ! ! http://www.skiphotos.ch ! !--------------------------------------!
- Apache::ASP Lauchlan Fraser
- Re: Apache::ASP Joshua Chamas
- Re: Apache::ASP Joshua Chamas
- Apache::ASP Aaron Slepecky
- Re: Apache::ASP Joshua Chamas
- Re: Apache::ASP Stas Bekman
- Apache::ASP Serge Sozonoff
- ASP Cookieless Sessions (WAS Re: Apache::ASP) Joshua Chamas
- Re: ASP Cookieless Sessions (WAS Re: Apache::A... Matt Sergeant
- Re: ASP Cookieless Sessions (WAS Re: Apach... Joshua Chamas
- Re: ASP Cookieless Sessions (WAS Re: A... Serge Sozonoff
- Re: ASP Cookieless Sessions (WAS ... Joshua Chamas
- Re: ASP Cookieless Sessions (... Serge Sozonoff
- Re: ASP Cookieless Sessions (WAS ... Randal L. Schwartz
- Re: ASP Cookieless Sessions (... Cliff Rayman
- Bug in Apache's setting HTTP_COOK... Marc D. Spencer
- Re: ASP Cookieless Sessions (WAS Re: Apache::A... Greg Stark
- Apache::ASP Mei Lam
- Apache::ASP don Wang
- Re: Apache::ASP Joshua Chamas
- Re: Apache::ASP don Wang
