[Lispweb] session tracking: url rewriting vs cookies
cmcurtin at interhack.net
Sun Jun 24 20:41:59 CDT 2001
>>>>> "Lyn" == Lyn A Headley <laheadle at cs.uchicago.edu> writes:
Lyn> I think I'm going to add cookie-based sessions to IMHO, but if
Lyn> anyone has a better idea to support the general/personal
Lyn> dichotomy with caching, I'd love to hear it.

I'd prefer to see a cookie-based mechanism for session management.
URLs are essentially public knowledge, thanks to their appearance in
various types of log files, headers that can leak to third parties
(e.g., HTTP referrers, which were mandatory until HTTP 1.1 and are
still treated that way in many cases), etc.

Cookies are a Good Thing for the purpose of managing session state.
carefully, but using them as they were intended is perfectly sensible.
 Well, to the degree that a Good Thing is possible atop the
bizarre stateless beast known as HTTP.

Matt Curtin, Founder Interhack Corporation http://web.interhack.com/
"Building the Internet, Securely." research | development | consulting
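
An added illustration of the leak channels named in the message above (not part of the original post and not IMHO code): a scanner that flags session identifiers exposed in the request URL or the Referer field of combined-format access log lines. The parameter names, host names and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names for URL-carried session tokens (hypothetical; adjust per app).
SESSION_PARAMS = {"sid", "session", "sessionid", "jsessionid"}

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def session_tokens(url):
    """Return session-token values carried in a URL's query or ;path parameters."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query)
    # Path parameters (/cart;jsessionid=abc) are another URL-rewriting style.
    for seg in parts.path.split(";")[1:]:
        name, _, value = seg.partition("=")
        pairs.append((name, value.split("/")[0]))
    return [v for k, v in pairs if k.lower() in SESSION_PARAMS and v]

def find_leaks(lines):
    """Return (line_no, channel, token) for every token visible in a log line."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        for channel in ("target", "referer"):
            for tok in session_tokens(m.group(channel)):
                findings.append((no, channel, tok))
    return findings

# Constructed sample lines: 1 = the application's own log with URL rewriting,
# 2 = a third-party server's log that received the Referer header,
# 3 = the same page with a cookie-based session (cookies are not in this format).
SAMPLE = [
    '203.0.113.5 - - [24/Jun/2001:20:41:59 -0500] "GET /app/inbox?sid=3f9a1c '
    'HTTP/1.0" 200 512 "-" "Mozilla/4.7"',
    '203.0.113.5 - - [24/Jun/2001:20:42:03 -0500] "GET /banner.gif HTTP/1.0" '
    '200 43 "http://app.example/app/inbox?sid=3f9a1c" "Mozilla/4.7"',
    '203.0.113.5 - - [24/Jun/2001:20:42:10 -0500] "GET /app/inbox HTTP/1.0" '
    '200 512 "http://app.example/app/" "Mozilla/4.7"',
]

if __name__ == "__main__":
    for no, channel, tok in find_leaks(SAMPLE):
        print(f"line {no}: session token {tok!r} exposed via {channel}")
```
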