Re: Inquiry
On Tue, Jul 15, 2008 at 8:40 AM, Marty Alchin <[EMAIL PROTECTED]> wrote: > Is it really > that bad a thing that users are in control of how they use your web > site? Exactly. Users can change the URL more easily than they can delete a cookie, so that one is effectively out (for his criteria). And as you noted, IPs change and don't really identify any one single user, and thus aren't a good way to handle sessions at all. Brett --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Inquiry
On Mon, Jul 14, 2008 at 8:48 PM, Kadusale, Myles <[EMAIL PROTECTED]> wrote: > I don't want to use cookies because they can be disabled by the user. The alternatives I'm aware of are: * recording the session ID directly in the URL of every page, which just opens you up[1] to all sorts of problems. * Using REMOTE_ADDR to identify incoming IPs, which will not only make it impossible to identify one browser window or tab from another, it won't even be able to tell one browser from another. Worse yet, for the many people out there with multiple PCs hooked up through a router to a single net connection, your site won't be able to tell any of their machines apart. * I suppose you could technically use a combination of REMOTE_ADDR and the User Agent string, but that only helps if users are using different browsers. Multiple users using th esame browser version would probably still have problems, and a single user using multiple windows or tabs will most certainly still have problems. Cookies are certainly your best bet here. They were created as a solution to real problems, so by asking to avoid them, you're essentially asking for those other problems. Yes, users can disable cookies. They can also disable CSS and JavaScript, and even opt out of using the web entirely. Is it really that bad a thing that users are in control of how they use your web site? -Gul [1] http://en.wikipedia.org/wiki/Session_fixation --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Inquiry
On Mon, Jul 14, 2008 at 7:48 PM, Kadusale, Myles <[EMAIL PROTECTED]> wrote: > I don't want to use cookies because they can be disabled by the user. Can you name a method of maintaining a session can't be altered or changed by the user? Brett --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
RE: Inquiry
I don't want to use cookies because they can be disabled by the user. -Original Message- From: django-users@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Anderson Sent: Monday, July 14, 2008 11:10 PM To: django-users@googlegroups.com Subject: Re: Inquiry Kadusale, Myles wrote: > Good Day to All! > > I am new to Django and I was wondering if there is a sample application > that deals with sessions that is not using cookies. > Django's session framework uses cookies. I don't know why you wouldn't want to do sessions without cookies, and I don't know of any projects that aim to do that. It wouldn't be difficult, however, to implement your own sessions that don't use cookies. > Also is there a directory structure in an web app when using Django? > Like in J2EE?? > If you are referring to Java namespaces, then yes: Python has them. If you are asking about urls in Django, I suggest you read through the tutorial in the official Django documentation. Good luck! Jeff Anderson PS - instead of replying to an existing thread and changing the subject, it is better to start your own thread. Your message is in the middle of another thread. Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Inquiry
Kadusale, Myles wrote: Good Day to All! I am new to Django and I was wondering if there is a sample application that deals with sessions that is not using cookies. Django's session framework uses cookies. I don't know why you wouldn't want to do sessions without cookies, and I don't know of any projects that aim to do that. It wouldn't be difficult, however, to implement your own sessions that don't use cookies. Also is there a directory structure in an web app when using Django? Like in J2EE?? If you are referring to Java namespaces, then yes: Python has them. If you are asking about urls in Django, I suggest you read through the tutorial in the official Django documentation. Good luck! Jeff Anderson PS - instead of replying to an existing thread and changing the subject, it is better to start your own thread. Your message is in the middle of another thread. Thanks! signature.asc Description: OpenPGP digital signature
