Guys,

I would want to know the downsides to using cookie-less sessions? I want to
give my client the freedom to disable cookies on the browser if he chooses
to, but I would want to know the implications to that?

Some say, exposing your sessionId in the URL exposes it to hackers who can
spoof the IP (as of the victim) and provide the jsessionId (in the URL) and
can gain control of the victim's session, but if you are using SSL, that
shouldn't be an issue.

Would someone comment on the real hazards/bottlenecks to the cookie-less
approach?

Thanks in advance and Regards,

Farhan.


-- 
View this message in context: 
http://www.nabble.com/Cookie-less-session-tracking---whats-are-the-downsides-tp16738472p16738472.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

