[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    Re: [PHP3] Session Management
From:       Sascha Schumann <sascha () schumann ! cx>
Date:       2000-03-31 21:24:11
[Download RAW message or body]

On Fri, Mar 31, 2000 at 01:02:42PM -0800, Jeff Schwartz wrote:
> Why do they only have one second to see it? 
> 
> If the session ID is part of the URL, it shows in the user's Address bar
> as long as they're on that page, doesn't it?

When was the last time you had to remember a completely random
(to the visitor) string of this length? How long did it take you
to memorize it, so that you could respell it correctly?

There are larger problems with embedding the ID in the URL. For
example, the HTTP referer problem. 

- Sascha

-- 
PHP 3 Mailing List <http://www.php.net/>
To unsubscribe, send an empty message to php3-unsubscribe@lists.php.net
To subscribe to the digest, e-mail: php3-digest-subscribe@lists.php.net
To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
To contact the list administrators, e-mail: php-list-admin@lists.php.net

[prev in list] [next in list] [prev in thread] [next in thread]