HTTP state management without cookies?

[Michael Ströder]

Paul Rubin wrote:
> 
> mod_rewrite lets you do all kinds of neat stuff.

Hmm, I'd like to rephrase that to "mod_rewrite let's you do all kind
of dirty stuff".

I consider the configuration and change managment of your server and
application to be a nightmare and security risk if you rely on
handling of session IDs implemented in the server's mod_rewrite
configuration.

Ciao, Michael.