>
> I've looked thorugh Apache::Asp session code and saw your args method.
>
We should of course use anything that Joshua already has figured out. Maybe
the module could be written in a way that Apache::ASP can take use of it.
That would be the best thing from my point of view!
> Ian Kallen suggested a hash of know indexers - which is a good idea -
Yes
> but has one problem of how to keep this upto date.
>
Everybody could contribute and there could some (CPAN) where you can
download an uptodate list
> A few issues that have been brought to my attention are:
>
> 1 - Wherethere to use URI rewriting - and hence the indexer issue - or
> to rewrite query args (i.e remove a session arg and place it into a
> pnotes entry). So that hopefully clever indexers will ignore the last
> bit.
>
I am not sure, but I think most search eniges will not index pages with
query_strings at all
I would most love to make it configurable, so that the user can choose,
which way he/she prefers.
> 2 - The HTTP_REFERER leaking is an issue that people need to be aware of
> - I could make a quick redirect filter that could remove the session
> id. This can also help with click throughs etc. I am not aiming to do
> any checking of the session id - thats left to something else.
>
Such a filter would be a helpfull thing
> 3 - When to redirect to check for cookies etc. i.e. when a client comes
> in without any session info do we imediately redirect to try and set a
> cookie, and then use that or else do something else. Or only check
> after the secound request.
>
Make it configurable
> 4 - Defining what a session is may be helpfull. What I call a session
> others may disagree. I need to scope what I'm going to write -
> otherwise I be redoing it every 5 minutes! My spin on a session is
> something that needs to be tracked - and I usually only do this when I
> have to.
I would agree to that
Gerald