What about binding the session on an IP address? As I wrote the last
time I don't like cookies (security problem if somebody does
not logout
explicitely). For link rewriting you have the problem above.
So why not
testing server side if the login for a specific session was
done using
My concern is that
since URL encoding
exposes the session ID in plain view, it's as good as
compromised despite
using SSL to encrypt it once the customer logs in.
Was that why you were saying to only use session cookies
everywhere?
yes
Ok, I see, but a session cookie
From: Tim Olson [EMAIL PROTECTED]
My concern is that
since URL encoding
exposes the session ID in plain view, it's as good as
compromised despite
using SSL to encrypt it once the customer logs in.
Was that why you were saying to only use session cookies
everywhere?
yes
Sonny Sukumar wrote:
Hi guys,
I know I've brought up some session questions before, and I gained great
insight from those discussions, but there's some issues I want to
understand better before I make implementation decisions. Assume the
context of a B2C e-commerce site when considering these
From: Joerg Heinicke [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Need Session Help!
Date: Sat, 27 Sep 2003 00:55:52 +0200
Sonny Sukumar wrote:
Hi guys,
I know I've brought up some session questions before, and I gained great
insight from those discussions
in if they are not?
As always, I welcome everybody to share any insights they'd like to.
Thanks,
Sonny
From: Antonio Gallardo [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Need Session Help!
Date: Wed, 24 Sep 2003 17:49:15 -0600 (CST)
Sonny Sukumar dijo:
Hi guys
: Antonio Gallardo [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Need Session Help!
Date: Wed, 24 Sep 2003 17:49:15 -0600 (CST)
Sonny Sukumar dijo:
Hi guys,
I know I've brought up some session questions before, and I gained
great
insight from those discussions
]
To: [EMAIL PROTECTED]
Subject: Re: Need Session Help!
Date: Wed, 24 Sep 2003 17:49:15 -0600 (CST)
Sonny Sukumar dijo:
Hi guys,
I know I've brought up some session questions before,
and I gained
great
insight from those discussions, but there's some issues
I want to
understand
: Need Session Help!
Date: Wed, 24 Sep 2003 17:49:15 -0600 (CST)
Sonny Sukumar dijo:
Hi guys,
I know I've brought up some session questions before,
and I gained
great
insight from those discussions, but there's some issues
I want to
understand better before I make
From: Tim Olson [EMAIL PROTECTED]
How much overhead does session replication actually cause vs.
fetching
everything from the database on every request?
session replication across a cluster can be very expensive because session
modifications are O(n) where n is the number of nodes. it's ok if
Sonny Sukumar dijo:
Hi guys,
I know I've brought up some session questions before, and I gained great
insight from those discussions, but there's some issues I want to
understand better before I make implementation decisions. Assume the
context of a B2C e-commerce site when considering
11 matches
Mail list logo