Re^3: Another question about session-id


There's more than one way to do things
	PerlMonks

Re^3: Another question about session-id

by dsheroh (Monsignor)

on Dec 17, 2007 at 06:15 UTC ( [id://657375]=note: print w/replies, xml )

Need Help??

in reply to Re^2: Another question about session-id
in thread Another question about session-id

While I agree that concern with passers-by memorizing or writing down a session ID in the URL is excessive (especially since most sites' session IDs are tacked onto the end of a URL that's large enough that it isn't all displayed on the screen anyhow), putting it in the URL also means that it will be recorded in the server's access log as well as any intermediate proxy logs. Those logs may be readable by untrusted third parties, creating a possible threat. (I wouldn't go so far as to call it a likely threat, but it's nowhere near as remote a possibility as someone looking over your shoulder and getting it off the screen.)

In any case, like you, I've pretty well taken the position that cookies are a fact of life if you want to log in to a site, so just enable them (but disable third-party cookies if your browser has that option) and get on with it.

Comment on Re^3: Another question about session-id

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://657375]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others lurking in the Monastery: (4)

As of 2024-04-18 04:40 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found