HTTP state management without cookies?

Roy Madden roy at linksheaven.com
Fri Feb 22 21:51:00 CET 2002


On Fri, 22 Feb 2002 14:49:38 +0000, philh at comuno.freeserve.co.uk (phil
hunt) wrote:

>What do you consider the other 2 methods to be? I can think of 
>encoding it in the URL, and the server remembering the browser's IP 
>address. Are there others?

Yeah, the generally accepted methods by which you pass session ids are:
- cookies
- url like you say
- hidden form fields

Remembering the browsers ip address is often combined with other methods
to increase security (e.g. some cookie id generation schemes), but not
used on it's own! Listing the advantages and disadvantages of the above
schemes from a security perspective will almost always (almost, if
implemented properly etc etc) see cookies as the best method.


Roy


 
-- 
http://www.linksheaven.com



More information about the Python-list mailing list