HTTP state management without cookies?

Roy Madden roy at
Fri Feb 22 21:51:00 CET 2002

On Fri, 22 Feb 2002 14:49:38 +0000, philh at (phil
hunt) wrote:

>What do you consider the other 2 methods to be? I can think of 
>encoding it in the URL, and the server remembering the browser's IP 
>address. Are there others?

Yeah, the generally accepted methods by which you pass session ids are:
- cookies
- url like you say
- hidden form fields

Remembering the browsers ip address is often combined with other methods
to increase security (e.g. some cookie id generation schemes), but not
used on it's own! Listing the advantages and disadvantages of the above
schemes from a security perspective will almost always (almost, if
implemented properly etc etc) see cookies as the best method.



More information about the Python-list mailing list