HTTP state management without cookies?
Roy Madden
roy at linksheaven.com
Fri Feb 22 15:51:00 EST 2002
On Fri, 22 Feb 2002 14:49:38 +0000, philh at comuno.freeserve.co.uk (phil
hunt) wrote:
>What do you consider the other 2 methods to be? I can think of
>encoding it in the URL, and the server remembering the browser's IP
>address. Are there others?
Yeah, the generally accepted methods by which you pass session ids are:
- cookies
- url like you say
- hidden form fields
Remembering the browsers ip address is often combined with other methods
to increase security (e.g. some cookie id generation schemes), but not
used on it's own! Listing the advantages and disadvantages of the above
schemes from a security perspective will almost always (almost, if
implemented properly etc etc) see cookies as the best method.
Roy
--
http://www.linksheaven.com
More information about the Python-list
mailing list