I love the government.
The W3C folks should have given session "cookies" a completely
different name. Something that doesn't sound a "threatening" as
cookie. So irrational organization like our federal government
wouldn't create silly policies disallowing the use of them. (they can
try to get ISPs to keep a log of every packet that goes through their
routers, but don't store some random string in memory as we communicate
with a web server that we initiated communications with)
What would be a good name that accurately reflects the temporary nature
of a session cookie.... what's just as yummy, more useful and doesn't
last as long as a normal cookie?
/John
Dale Graham wrote:
Yes but some of us (I work for Federal Gov't) are not
actually *allowed* to use cookies.... so when you have those
constraints, and need to make sure session variables are saved....
you're kind of stuck.
On Jun 8, 2006, at 2:08 PM, Robert Garcia wrote:
Yes, but that doesn't solve any of the issues
that arise from using it in a url, you have the same issues, when you
don't just use the cookie methods.
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
On Jun 8, 2006, at 4:48 AM, Dale Graham wrote:
You can also pass UserReferenceArgument as
a hidden argument, which drops it out of the URL...
I believe it must be in this form <input type="hidden"
name="_userReference"
value="<@UserReferenceArgument>">
If I am in error on the format, someone on the list more
knowledgeable can correct this .....
On Jun 7, 2006, at 12:09 PM, GEzra wrote:
Folks I'm dealing with do not like
cookies, candies or anything sweet - spent a lot of time making sure
that I was passing userref in the url to avoid cookies. I'm just gonna
see if my isp can do something about their router, unless my xserve is
doing this NAT, even though its turned off.
Thanks for your help on this Dave,
William & Robert!
Ezra
On 2-Jun-06, at 4:23 AM, Robert
Garcia wrote:
Yes, they are in the URI, you can
see in the log:
_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62
Remove userreference from URI, and
only use cookies.
--
Robert Garcia
President - BigHead Technology
VP Application Development -
eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax:
530.645.4040
On Jun 1, 2006, at 8:35 PM, William
M Conlon wrote:
Are the userref's in the URI? That would allow them to be
shared.
Look in the archive on session
hijacking.
On Jun 1, 2006, at 7:37 PM, GEzra
wrote:
Hello all!
I looked at my witango log
today and it seems like the same userreference was assigned to two
different users, seconds apart while both were accessing diff. apps.
What's so odd is that the
server address of xxx.xxx.xxx.xxx is being logged as the clients ip.
How can this be?
01/06/2006 14:27:19 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25272320 1 1 [Application
File] START
/apps/login.taf WitangoServer
_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62
01/06/2006 14:27:44 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25310208 1 0 [Application
File] START
/apps/login.taf WitangoServer
_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62
Any ideas?
thanks,
Ezra
________________________________________________________________________
Bill
William M. Conlon, P.E., Ph.D.
To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306
vox: 650.327.2175 (direct)
fax: 650.329.8335
mobile: 650.906.9929
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
--
John McGowan
[EMAIL PROTECTED]
P 847.608.6900 x 110
F 847.608.9501
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
|
