[cgiapp] Persistence

[Dan Horne]

Mark Fuller said:

> I thought the problem with putting the session ID in the URL is that
> the user might copy/paste the URL to others. When they try to use it,
> the app would have no way to know it's not the real user?
>

Another problem is bookmarks. A user may bookmark a page, but when they
come back a couple of days later, the session has expired. They might also
email a link to others, and that link may not work for the same reason.