Could you give me hints (URLs, book titles) to inform me about session management / user authentication on a web server? I'm planning a DBMS-backed web app. (using apache, postgresql, python).
My current approach is to use https, let the user authenticate himself via password and generate a session id so that subsequent requests are valid if this id is used. The id becomes invalid when the user quits the session or after 10 minutes of inactivity. What are the problems with "my" approach? (There have to be some, since I see so many sites not following it.) TIA Stony
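The scheme described in the question, written out as an added example (this is not code from the original post or from Stony's project): password verification against a salted hash, a random session id minted at login, an idle timeout of 10 minutes, and server-side invalidation on logout. The in-memory dicts, the PBKDF2 iteration count and the `now` parameter (injected so the timeout can be exercised without waiting) are assumptions made here; in the real app the two dicts would be PostgreSQL tables.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed in-memory stores standing in for the two PostgreSQL tables the
# app would use (assumption: one users table, one sessions table).
USERS = {}      # username -> {"salt": bytes, "hash": bytes}
SESSIONS = {}   # sha256(session_id) -> {"user": str, "last_seen": float}

IDLE_TIMEOUT = 10 * 60  # seconds of inactivity after which a session id expires


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user random salt; the iteration count is
    # an assumption chosen for illustration.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _key(session_id: str) -> str:
    # Sessions are stored under a hash of the id, so a leaked sessions table
    # does not hand out usable ids.
    return hashlib.sha256(session_id.encode()).hexdigest()


def register(username: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _hash_password(password, salt)}


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Verify the password and mint a fresh session id, or return None."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None:
        # Run the hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return None
    if not hmac.compare_digest(record["hash"], _hash_password(password, record["salt"])):
        return None
    session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, never a counter
    SESSIONS[_key(session_id)] = {"user": username, "last_seen": now}
    return session_id


def authenticate_request(session_id: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username for a valid id and refresh its idle timer, else None."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(_key(session_id))
    if entry is None:
        return None
    if now - entry["last_seen"] > IDLE_TIMEOUT:
        # Expired by inactivity: delete it so it cannot be revived later.
        del SESSIONS[_key(session_id)]
        return None
    entry["last_seen"] = now
    return entry["user"]


def logout(session_id: str) -> None:
    """Invalidate the id server-side when the user quits the session."""
    SESSIONS.pop(_key(session_id), None)


if __name__ == "__main__":
    register("stony", "correct horse")
    sid = login("stony", "correct horse", now=0.0)
    print(authenticate_request(sid, now=599.0))   # user still logged in
    print(authenticate_request(sid, now=1300.0))  # idle for more than 10 minutes
```

The id is only ever sent over the HTTPS connection the question assumes; what this code does not show is the transport side (the `Secure` and `HttpOnly` cookie attributes, and re-issuing the id after login), which is where the scheme in the question is silent.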