> > > o Add the session id to the URL. This method has the most problems, and > > > is not recommended. > > > > What are the problems with the last option? ... > > Google for XSS - Cross-site scripting attacks, as a starter.
I thought the problem with putting the session ID in the URL is that the user might copy/paste the URL to others. When they try to use it, the app would have no way to know it's not the real user? Maybe I've misunderstood the original question? Mark ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
