On Wed, 10 May 2000, Jay Jacobs wrote:
> So as I see it there are essentially 2 *mostly* reliable ways, cookies
> and url-rewriting. Both have drawbacks and neither are 100%. There
> really isn't a way to cross-reference anything else (IP or login) becuase
> there are valid reasons for a user to come from multiple ip addresses
> during a session (albeit rare), and sessions may be needed without
> requiring a user to login.
> It also doesn't make sense to try to rely on both cookies and
> url-rewriting, that would just get sloppy and waste time. The only thing
> to do is to pick one or the other and deal with the drawbacks associated
> with that...
>
> URLS:
> - redirecting to a different site sends the session_id in the
> HTTP_REFERER in some browsers, which ruins it for the rest of the world ;)
> - requires site-wide url-rewriting or site-wide relative links (including
> things like "../../index.html" which seems ugly IMO)
If you're doing site-wide URL re-writing, you might as well re-write
outside URL's to a redirect CGI, so that the session doesn't go in the
referer.
--
<Matt/>
Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org
