[cgiapp] Persistence
Dan Horne
dan.horne at redbone.co.nz
Wed Feb 6 18:48:24 EST 2008
Dan Horne said:
> Mark Fuller said:
>
>> I thought the problem with putting the session ID in the URL is that
>> the user might copy/paste the URL to others. When they try to use it,
>> the app would have no way to know it's not the real user?
>>
>
> Another problem is bookmarks. A user may bookmark a page, but when they
> come back a couple of days later, the session has expired. They might also
> email a link to others, and that link may not work for the same reason.
>
>
Oh and having the session in the URL may affect your caching algorithms,
which may or may not be a problem, depending on your app. If an e-commerce
app used page-based caching (say a product page as determined by the
request URL) then each session would have a unique URL, and hence would
get its own cache.
More information about the cgiapp
mailing list