[Web-SIG] Session interface
jonathan at carnageblender.com
Tue Aug 16 22:14:18 CEST 2005
On Tue, 16 Aug 2005 15:45:47 -0400, "Phillip J. Eby"
<pje at telecommunity.com> said:
> >I'm not sure; I always try to make the cookie last longer than the session
> >can. I suppose you could store information about when the cookie is
> >supposed to expire in the session itself (since you can't read expiration
> >times from the cookie). Or you could store the expiration as part of the
> >cookie data; I haven't thought about doing it that way.
Sure, sessions are overused and abused. Particularly among certain
classes of developers which I won't characterize here. :)
But there's a reason they're in such common use; it's a huge waste
(particular for low-bandwidth clients) to store anything more than
absolutely necessary in a cookie that the client sends repeatedly. Much
more efficient to send "here's my token" which the server uses to
retrieve the rest.
More information about the Web-SIG