[Web-SIG] Session interface

Titus Brown titus at caltech.edu
Wed Aug 17 21:05:26 CEST 2005

-> Wow!  I'm dumbfounded by this whole conversation!  I thought session
-> backends were something innane enough that we could agree on them!  I
-> have the same use cases as Geoffrey.  No, cookies are not a good
-> replacement for sessions since you have to validate them everytime you
-> use them.  You can't trust them unless you encrypt and sign them, and
-> I wasn't aware that that many people were doing that.  Neither is
-> relying on a cookie to time out sufficient to control a session
-> timeout.  Clients lie.  Perhaps I have much to learn.  I'm going to
-> sit back and just read :-/

(What he said ;)


More information about the Web-SIG mailing list