HTTP state management without cookies?
André Risnes
andre.risnes at tenpipes.no
Wed Feb 20 04:46:36 EST 2002
"Simon Willison" <cs1spw at bath.ac.uk> wrote in message
news:3C7368A0.5050702 at bath.ac.uk...
>
> It's pretty important to provide some kind of checking mechanism like
> that to avoid people copying/pasting the URL of the page they are on
> into an e-mail / instant message and inadvertantly giving their session
> to someone else.
>
That can be avoided by embedding the session ID in a hidden
field in a form instead of the URL (if forms are used, that is).
--
Regards
André Risnes
More information about the Python-list
mailing list