Q about Sessions and URL variables

[mmosel]

Ok, my site uses sessions. When I'm logged in, my site's sessions remember me as logged in. I can leave the site altogether and go somewhere else, come back, and it shows that I'm still logged in. This is great - this is how I would expect it to behave. So, why would I want or need to place my user's SID in the URL? I don't see the need for it. Please enlighten me!

[poirot]

It's simple, the session ID can be stored in a cookie file or passed through the URLs.

Placing the SID in URLs will ensure that sessions will work if your visitor disabled cookies.

[mmosel]

[!--quoteo(post=365760:date=Apr 17 2006, 06:46 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Apr 17 2006, 06:46 PM) [snapback]365760[/snapback][/div][div class=\'quotemain\'][!--quotec--]
It's simple, the session ID can be stored in a cookie file or passed through the URLs.

Placing the SID in URLs will ensure that sessions will work if your visitor disabled cookies.
[/quote]

I thought session information was stored server side?

[poirot]

Yes it is, but the client should have the session ID.

[mmosel]

[!--quoteo(post=365805:date=Apr 17 2006, 08:20 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Apr 17 2006, 08:20 PM) [snapback]365805[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Yes it is, but the client should have the session ID.
[/quote]

Ok, gotcha. The thing I don't like about passing the SID in the url is that it can then be more easily passed around. For securing content, such as downloads, this kinda sucks.

I think that I'll require cookies for my site - but only cookies that expire at the end of the session.
I hope that doesn't turn off too many users!