dan.horne at redbone.co.nz
Wed Feb 6 18:48:24 EST 2008
Dan Horne said:
> Mark Fuller said:
>> I thought the problem with putting the session ID in the URL is that
>> the user might copy/paste the URL to others. When they try to use it,
>> the app would have no way to know it's not the real user?
> Another problem is bookmarks. A user may bookmark a page, but when they
> come back a couple of days later, the session has expired. They might also
> email a link to others, and that link may not work for the same reason.
Oh, and having the session in the URL may affect your caching algorithms,
which may or may not be a problem, depending on your app. If an e-commerce
app used page-based caching (say a product page as determined by the
request URL) then each session would have a unique URL, and hence would
get its own cache.
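
The caching effect described in this message, as an added example that is not part of the original post: a page cache keyed on the raw request URL is compared with one whose key drops the session parameter. The parameter name `sid`, the `shop.example` URLs and all function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSION_PARAM = "sid"  # assumed name of the session parameter

def naive_key(url):
    """Cache key is the request URL as received, session ID included."""
    return url

def normalized_key(url, session_param=SESSION_PARAM):
    """Cache key with the session parameter removed and the rest sorted.
    Only suitable for pages whose content does not depend on the session."""
    parts = urlsplit(url)
    query = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                   if k != session_param)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))

class PageCache:
    def __init__(self, key_func):
        self.key_func = key_func
        self.store = {}
        self.renders = 0  # how often the page had to be generated

    def get(self, url, render):
        key = self.key_func(url)
        if key not in self.store:
            self.renders += 1
            self.store[key] = render(url)
        return self.store[key]

def render_product(url):
    product = dict(parse_qsl(urlsplit(url).query)).get("product", "?")
    return f"<h1>Product {product}</h1>"

# Constructed sample requests: three sessions view product 42, one views product 7.
REQUESTS = [
    "http://shop.example/app.cgi?rm=view&product=42&sid=aaa111",
    "http://shop.example/app.cgi?rm=view&product=42&sid=bbb222",
    "http://shop.example/app.cgi?product=42&rm=view&sid=ccc333",
    "http://shop.example/app.cgi?rm=view&product=7&sid=aaa111",
]

def replay(key_func):
    """Return (pages rendered, cache entries) after replaying REQUESTS."""
    cache = PageCache(key_func)
    for url in REQUESTS:
        cache.get(url, render_product)
    return cache.renders, len(cache.store)

if __name__ == "__main__":
    print("raw URL key:     ", replay(naive_key))
    print("session stripped:", replay(normalized_key))
```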