Dan Horne said: > Mark Fuller said: > >> I thought the problem with putting the session ID in the URL is that >> the user might copy/paste the URL to others. When they try to use it, >> the app would have no way to know it's not the real user? >> > > Another problem is bookmarks. A user may bookmark a page, but when they > come back a couple of days later, the session has expired. They might also > email a link to others, and that link may not work for the same reason. > > Oh and having the session in the URL may affect your caching algorithms, which may or may not be a problem, depending on your app. If an e-commerce app used page-based caching (say a product page as determined by the request URL) then each session would have a unique URL, and hence would get its own cache.
##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################