ObjectWeb Consortium
Search ObjectWeb Mail Archive: 

Advanced Search - Powered by Google

Mail Archive Home | enhydra List | Febuary 1999 Index

<--  Date Index  --> <--  Thread Index  -->

Re: Enhydra: Cookie-less session management

>Suppose you wanted to point to somewhere in one of these applications,
>for example /login/Login.po. You wouldn't know what session ID to tack
>on (it would not have been generated yet). To work around this you could
>use a previous idea, where the session id starts with a unique string.
>Then you can tell if there is an id present or not. Then for any
>incomming URL like "/login/Login.po", a new session would be generated,
>then return a redirect response to "/SID123456789/login/Login.po".
If the application uses relative urls, the /login/Login.po is requested only
from an external link. /123456/foo/Foo.po/..//login/Login.po would be the
url when coming from a page of the application.
Also, the only pb is to be able to detect the session number, starting with
a given string (SID) is a way, parity checking of the number another.
>Like I said before, this would require changes to the PresentationManager,
>and the SessionManager, so it's non trivial. How much demand/need for
>not using cookies is there out there? The query-string idea can be
>implemented as a new SessionManager which can be swapped in when desired,
>but to implement the url-prefix idea would require (it seems) changes
>to the framework that would tie together the SessionManager,
>PresentationManager and HttpRequest objects....
Using the query-string is probably an ok solution for simple applications, but generates
number of problems:
+ Use of both query-string and post when submitting forms (or hiiden fields)
+ Pbs of using both the quer-string and anchors (IE4 bug)
+ Adds complexity to _javascript_ programming (needs to be aware of session number)
Onb the other hand, cookies do not have the same behaviour among the browsers when
using pop-up windows.

<--  Date Index  --> <--  Thread Index  -->

Reply via email to:

Powered by MHonArc.

Copyright © 1999-2005, ObjectWeb Consortium | contact | webmaster.