On 4/15/05, Michael J. <[EMAIL PROTECTED]> wrote:
> I prefer to store everything on the server. It gives better control
> over data and application state.
> 
> > Brian
> >
> > I vote for storing information in session variables for
> > the simple reason most Admins do not allow Browsers
> > writing cookies on the hard drive for fear of introducing
> > viruses to the system. +1 for session variables
> >
> > Martin Gainty
> 
> This is paranoia. To keep session id they would need to allow
> jsessionid cookie somehow anyway. And if _all_ cookies are prohibited,
> then Struts would need to rewrite each and every URL. Well, at least
> URLs are polluted with jsessionid only, not with all _viewstate thing
> (yuck!)
> 

You should also note that most browsers do not actually store cookies
on disk unless they have a defined expiration timestamp.  Most servlet
containers don't set such a timestamp on session id cookies, which
leads to them being stored, in memory, only for the duration of the
browser session.

That in turn is a good thing, because even if someone has read access
to the temporary directory where your browser stores cookies, they
cannot snoop the ids of your current session and attempt to
impersonate you.

> Michael.

Craig
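
An added example, not part of the original messages: a check that classifies `Set-Cookie` values by whether they carry a lifetime (`Expires` or `Max-Age`) and flags a session-id cookie that would outlive the browser session. The sample headers, the fixed clock, and the `SESSION_ID_NAMES` set are assumptions made for the illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_ID_NAMES = {"jsessionid"}  # assumption: cookie names that carry a session id

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute keys are lowercased."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def lifetime(attrs, now):
    """Return 'session' (no lifetime set), 'persistent' (future expiry) or 'expired'."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "expired"
        except ValueError:
            pass  # an unparsable Max-Age is ignored
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # an unparsable date means the attribute is ignored
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "persistent" if when > now else "expired"
    return "session"

def audit(set_cookie_values, now):
    """Return (name, lifetime, flagged); flagged marks a persistent session-id cookie."""
    out = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        kind = lifetime(attrs, now)
        out.append((name, kind, name.lower() in SESSION_ID_NAMES and kind == "persistent"))
    return out

# Constructed sample headers, not taken from any real server.
SAMPLE = [
    "JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly",
    "JSESSIONID=0123456789ABCDEF; Path=/app; Max-Age=86400",
    "theme=dark; Expires=Wed, 15 Apr 2026 12:00:00 GMT",
    "old=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
]
NOW = datetime(2025, 4, 15, tzinfo=timezone.utc)  # fixed clock for repeatable results
```

Calling `audit(SAMPLE, NOW)` flags only the second header, the session id that was given a `Max-Age`.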
