[Web-SIG] Session interface

Jonathan Ellis jonathan at carnageblender.com
Tue Aug 16 22:14:18 CEST 2005

On Tue, 16 Aug 2005 15:45:47 -0400, "Phillip J. Eby"
<pje at telecommunity.com> said:
> >I'm not sure; I always try to make the cookie last longer than the session 
> >can.  I suppose you could store information about when the cookie is 
> >supposed to expire in the session itself (since you can't read expiration 
> >times from the cookie).  Or you could store the expiration as part of the 
> >cookie data; I haven't thought about doing it that way.

Sure, sessions are overused and abused.  Particularly among certain
classes of developers which I won't characterize here. :)

But there's a reason they're in such common use; it's a huge waste
(particular for low-bandwidth clients) to store anything more than
absolutely necessary in a cookie that the client sends repeatedly.  Much
more efficient to send "here's my token" which the server uses to
retrieve the rest.


More information about the Web-SIG mailing list