I suppose I was thinking of MAC address or something like that, which when i actually thought about it,.. would not be available through a web browser, so i guess i dont know of any other one. :)
RE: clusters of proxies and other such thingsYour absolutely right on this one, it didnt occur to me, which is just dumb since that is exactly the set up I had at my last job, and it used to cause me no end of headaches. I guess i am just trying to block that part of my past out :P
RE: Cookies are clunkyI have a (probably) unfair bias against cookies, since I came from client side JS programming and migrated back to the server side. Back pre-5.0 browser, client side code for cookies was horrid, brittle and almost never cross-browser/platform. I developed a quick hatred of them. I have carried this bias along with me to my server-side programming.
As for what i feel is less clunky, I prefer to use hidden form fields for session management. Most of the applications I build for my company tend to be very form driven and the session id is only one of many bits of data I usually need to pass from page to page. As for raw HTML links, we use some creative javascript functions to minimize the headache of passing the session id on each link. Also, we exclusively use mod_perl handlers and have several URL filters to handle most other special cases.
Like i said, in the end, its more about what is acceptable behavior for your user base, or what conforms best to an existing securiy policy.
-stvnIn reply to Re: Re: Re: How should I handle Orphan Sessions?
by stvn
in thread How should I handle Orphan Sessions?
by soon_j
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |