Jump to content


Photo

Q about Sessions and URL variables


  • Please log in to reply
4 replies to this topic

#1 mmosel

mmosel
  • Members
  • PipPipPip
  • Advanced Member
  • 66 posts

Posted 17 April 2006 - 09:58 PM

Ok, my site uses sessions. When I'm logged in, my site's sessions remember me as logged in. I can leave the site altogether and go somewhere else, come back, and it shows that I'm still logged in. This is great - this is how I would expect it to behave. So, why would I want or need to place my user's SID in the URL? I don't see the need for it. Please enlighten me!

#2 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 17 April 2006 - 11:46 PM

It's simple, the session ID can be stored in a cookie file or passed through the URLs.

Placing the SID in URLs will ensure that sessions will work if your visitor disabled cookies.
~ D Kuang

#3 mmosel

mmosel
  • Members
  • PipPipPip
  • Advanced Member
  • 66 posts

Posted 18 April 2006 - 01:14 AM

[!--quoteo(post=365760:date=Apr 17 2006, 06:46 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Apr 17 2006, 06:46 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
It's simple, the session ID can be stored in a cookie file or passed through the URLs.

Placing the SID in URLs will ensure that sessions will work if your visitor disabled cookies.
[/quote]

I thought session information was stored server side?


#4 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 18 April 2006 - 01:20 AM

Yes it is, but the client should have the session ID.
~ D Kuang

#5 mmosel

mmosel
  • Members
  • PipPipPip
  • Advanced Member
  • 66 posts

Posted 18 April 2006 - 07:15 AM

[!--quoteo(post=365805:date=Apr 17 2006, 08:20 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Apr 17 2006, 08:20 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Yes it is, but the client should have the session ID.
[/quote]

Ok, gotcha. The thing I don't like about passing the SID in the url is that it can then be more easily passed around. For securing content, such as downloads, this kinda sucks.

I think that I'll require cookies for my site - but only cookies that expire at the end of the session.
I hope that doesn't turn off too many users!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users