Saving Browser State without Cookies
Paul Rubin
phr-n2002a at nightsong.com
Thu Feb 7 19:55:42 EST 2002
More information about the Python-list mailing list
Thu Feb 7 19:55:42 EST 2002
- Previous message (by thread): Saving Browser State without Cookies
- Next message (by thread): Saving Browser State without Cookies
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Steve Holden" <sholden at holdenweb.com> writes: > However, *if* PHP allows you to associate requests with session state, then > *either*: > > a) it does use cookies, you just don't know about them, or > b) it puts session references in the URL. > > There simply isn't any other available mechanism. So maybe what you're > looking for is an interface that hides the cookie implementation from the > programmer? There are several other ways to track session: - Hidden form fields populated by the server - User data persistence (a messy and evil IE-specific cookie-like data store) - SSL session identifier (beware, not guaranteed to be persistent) - Put session tag in the URL of a surrounding or internal frame, and retrieve the tag with client side javascript (pass back to server via hidden form field). That's a variant of the URL scheme but keeps the session tags out of the navigation bar. - Maybe other stuff I haven't thought of - Client side browser extensions can use various schemes of their own The most important thing is not to send server-confidential information like database passwords to the client under any circumstances, and do NOT eval stuff that the client sends to the server (someone had suggested a scheme like that). Also, don't use the pickle module or the default ("smart") cookie objects from the cookie module to build cookie strings.
- Previous message (by thread): Saving Browser State without Cookies
- Next message (by thread): Saving Browser State without Cookies
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list