in reply to Re: Maintain Session without Cookies?
in thread Maintain Session without Cookies?
If you embed the session in the URL, use some common sense:
nop
- If a session shows no activity for 30 minutes, kill the session and start a new one. Depending on your site, this may mean asking for a login, or it may mean just cutting a new session key.
- If a session comes in that is "inconsistent" (different browser type, different referrer, etc.) with the last session request, kill the session.
- As merlyn says here, make the session key unguessable.
nop
In Section
Seekers of Perl Wisdom
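The three checks from the post above, as an added example that is not part of the original post or thread. The in-memory `%sessions` store, the function names, reading the key from `/dev/urandom`, and comparing only the browser string (not the referrer) are assumptions made for illustration.

```perl
use strict;
use warnings;

use constant IDLE_LIMIT => 30 * 60;   # the post's 30 minutes, in seconds
my %sessions;                          # assumed store: key => { last_seen, agent }

# 128 bits from the kernel CSPRNG, hex-encoded. rand() output is guessable.
sub new_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $got = read($fh, my $buf, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined($got) && $got == 16;
    return unpack('H*', $buf);
}

sub start_session {
    my ($agent, $now) = @_;
    my $key = new_key();
    $sessions{$key} = { last_seen => $now, agent => $agent };
    return $key;
}

# Returns ($key, $status). Any failed check kills the old session and cuts
# a fresh key, so a stale or leaked URL stops working.
sub check_session {
    my ($key, $agent, $now) = @_;
    my $s = (defined($key) && $key =~ /\A[0-9a-f]{32}\z/) ? $sessions{$key} : undef;
    my $status = !$s                                     ? 'unknown'
               : ($now - $s->{last_seen} > IDLE_LIMIT)   ? 'expired'
               : ($s->{agent} ne $agent)                 ? 'inconsistent'
               :                                           'ok';
    if ($status eq 'ok') {
        $s->{last_seen} = $now;
        return ($key, $status);
    }
    delete $sessions{$key} if $s;
    return (start_session($agent, $now), $status);
}

# Constructed requests: [browser string, seconds since the previous request].
my $t   = 1_000_000;
my $key = start_session('BrowserA/1.0', $t);
for my $req (['BrowserA/1.0', 60], ['BrowserA/1.0', 1801], ['BrowserB/2.0', 10]) {
    my ($agent, $gap) = @$req;
    $t += $gap;
    ($key, my $status) = check_session($key, $agent, $t);
    printf "%-12s +%4ds  %-12s next key %s...\n", $agent, $gap, $status, substr($key, 0, 8);
}
```

The browser string is supplied by the client, so the consistency check only catches casual reuse of a leaked URL; the unguessable key and the idle timeout do the real work.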