On Fri, Oct 2, 2009 at 1:02 AM, Peter De Berdt <[email protected]> wrote:
> However, cookieless sessions (where the session id is passed on through
> parameters

is one view: "generally a bad idea and poses a very big security risk
(users can post a url with the session part included)."

another view: an accepted practice on other platforms aware that
mandating the use of cookies for full functionality may be culturally
inappropriate or outright illegal.

And if there's anything sensitive -- financial, health, personal privacy --
involved in your app, then you should be using SSL anyway, which
negates the above concern. :-)

FWIW,
--
Hassan Schroeder ------------------------ [email protected]
twitter: @hassan
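One way to detect the concern raised in this message, a URL with the session id in it being posted elsewhere, is to look in the access log for a session id presented by more than one client. This is an added example, not part of the original thread; the parameter name `_session_id`, the combined log format and the sample lines are assumptions constructed for illustration.

```ruby
require "uri"
require "set"

# Assumption: the application carries the session id in a query parameter
# named "_session_id"; change this to match your application.
SESSION_PARAM = "_session_id"

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = <<~LOG
  198.51.100.7 - - [02/Oct/2009:09:00:01 +0000] "GET /account?_session_id=aaa111 HTTP/1.1" 200 512 "-" "Firefox/3.5"
  198.51.100.7 - - [02/Oct/2009:09:00:09 +0000] "GET /orders?_session_id=aaa111 HTTP/1.1" 200 734 "-" "Firefox/3.5"
  203.0.113.20 - - [02/Oct/2009:09:05:42 +0000] "GET /orders?_session_id=aaa111 HTTP/1.1" 200 734 "http://forum.example/thread/9" "MSIE 8.0"
  192.0.2.33 - - [02/Oct/2009:09:06:10 +0000] "GET /account?_session_id=bbb222 HTTP/1.1" 200 512 "-" "Safari/4.0"
  192.0.2.33 - - [02/Oct/2009:09:06:30 +0000] "GET /help HTTP/1.1" 200 120 "-" "Safari/4.0"
LOG

# Captures: client IP, request target, user agent.
LINE_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"/

# Extract the session id from a request target, or nil if absent.
def session_id_from(target)
  query = target.split("?", 2)[1]
  return nil unless query
  URI.decode_www_form(query).each { |k, v| return v if k == SESSION_PARAM && !v.empty? }
  nil
rescue ArgumentError
  nil # malformed query string: skip it rather than abort the scan
end

# Map each session id to the set of [client IP, user agent] pairs that used it.
def clients_by_session(log)
  seen = Hash.new { |h, k| h[k] = Set.new }
  log.each_line do |line|
    m = LINE_RE.match(line) or next
    sid = session_id_from(m[2]) or next
    seen[sid] << [m[1], m[3]]
  end
  seen
end

# Session ids presented by more than one distinct client: likely a shared URL.
def shared_sessions(log)
  clients_by_session(log).select { |_, clients| clients.size > 1 }
end

shared_sessions(SAMPLE_LOG).each do |sid, clients|
  puts "session #{sid} used by #{clients.size} clients: #{clients.map(&:first).join(', ')}"
end
```

A client whose IP address changes mid-session (mobile networks, proxies) also shows up here, so treat a hit as a prompt to review or expire that session, not as proof of sharing.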

