HTTP state management without cookies?
roy at linksheaven.com
Fri Feb 22 21:51:00 CET 2002
On Fri, 22 Feb 2002 14:49:38 +0000, philh at comuno.freeserve.co.uk (phil
>What do you consider the other 2 methods to be? I can think of
>encoding it in the URL, and the server remembering the browser's IP
>address. Are there others?
Yeah, the generally accepted methods by which you pass session ids are:
- URL like you say
- hidden form fields
Remembering the browser's IP address is often combined with other methods
to increase security (e.g. some cookie id generation schemes), but not
used on its own! Listing the advantages and disadvantages of the above
schemes from a security perspective will almost always (almost, if
implemented properly etc etc) see cookies as the best method.
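
The reply above mentions combining the client's IP address with a cookie id generation scheme. The sketch below is an added example, not part of the original post, showing one way to do that: a random session id carries an HMAC tag computed over the id and the IP it was issued to. The function names, the `nonce.tag` layout and the choice of HMAC-SHA256 are assumptions made for illustration, not a scheme described in the thread.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real server would load a long-lived secret from
# its configuration so that ids survive a restart.
SERVER_KEY = secrets.token_bytes(32)


def _tag(nonce: str, client_ip: str, key: bytes) -> str:
    """HMAC-SHA256 over 'nonce|ip', hex encoded."""
    msg = f"{nonce}|{client_ip}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_session_id(client_ip: str, key: bytes = SERVER_KEY) -> str:
    """Return 'nonce.tag'. The random nonce identifies the session; the tag
    binds it to the IP address the id was issued to."""
    nonce = secrets.token_hex(16)  # 128 bits of randomness
    return f"{nonce}.{_tag(nonce, client_ip, key)}"


def verify_session_id(session_id: str, client_ip: str,
                      key: bytes = SERVER_KEY) -> bool:
    """Accept the id only if this server issued it for this client IP."""
    nonce, sep, tag = session_id.partition(".")
    if not sep or not nonce or not tag:
        return False  # malformed id
    expected = _tag(nonce, client_ip, key)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    sid = issue_session_id("192.0.2.10")
    print("cookie value:      ", sid)
    print("same address:      ", verify_session_id(sid, "192.0.2.10"))
    print("different address: ", verify_session_id(sid, "198.51.100.7"))
```

Many clients share one address behind NAT or a proxy, and an address can change mid-session, so the IP check supplements the random id and does not replace it.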