[nycphp-talk] to rewrite or not to rewrite URLs...
David Mintz
dmintz at panix.com
Fri Jul 18 14:53:35 EDT 2003
Do you guys use URL rewriting to ensure that the session id is propagated
from page to page even if the user refuses your cookie?
I've read somewhere that it can cause 'confusion' or 'problems' if the
user bookmarks a URL with a session id in the query string, and tries to
access the page after the session is over, but those readings did not say
whether you should really worry about it or what the worst case scenario
is.
I've been to sites that say "you must accept a cookie..." but that seems
kind of authoritarian, not to mention geeky (-:
If you are POSTing, you can stash the session id in a hidden field, which
would seem to solve the issue, but you what about when you GET.
---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!
"You want me to pour the beer, Frank?"
More information about the talk
mailing list