I only know of two real ways to do this.

1) Embedding the session id in the URL:

You can implement this one in two ways, or some combination thereof. The first way is manual, where you assign a template variable to contain the id and manually include it in every URL. This generally sucks from a designer's perspective. The second way is have something that automatically adds it; depending on the languages and technologies you are using, it's usually fairly easy to do, but some things can prevent it.

This technique has several flaws, the most major of which is security. People, in general, don't think of URLs as something to be security concious of and will probably freely share them. If their session id is stored in the url and someone else uses it, they'll probably have access to what ever sensitive data was stored in the session. You can try to prevent this by adding checks based on originating ips of the sessions but that runs the risk of screwing, or at least annoying, people behind a rotating proxy, for example, AOL.

2) The second solution is to just use cookies. They're simple, incredibly easy to use, and already handle all of the above security concerns. The only down side is that occasionally they won't work, but really, the percentage of people who have actually disabled cookies is so small it's probably not worrying about. In general, if they want to use your service and cannot do it with out cookies, they'll turn cookies on.

To summarize, if you just want to track each user on your site much like amazon does, you should probably use session ids in the url. It doesn't need to be secure but does need to work for most everyone. If you have secure data you're protecting via the session id, you probably want cookies, much like amazon does when you actually log in to your account.

In reply to Re: How do you do sessions in Web Sites by BUU
in thread How do you do sessions in Web Sites by digiryde

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.