Maintaining State was: Re: Web Objects URLs
- Subject: Maintaining State was: Re: Web Objects URLs
- From: Deirdre Saoirse Moen <email@hidden>
- Date: Wed, 9 May 2001 16:04:01 -0700
> I'm curious about the way that WebObjects maintains state without using
> cookies. Can anyone point me to a discussion of Web Objects URLs? I'm
> primarily interested in security implications - for example, can sensitive
> data be reverse engineered, and can the page pointed to by the URL be set
> to expire the way a cookie can?

There are several common methods of maintaining state, and cookies
are only one of them. As you note, they break when the client doesn't
cooperate.
Others include:
1) URL encoding, which WebObjects uses.
2) Hidden information in the page (mostly for forms).
I've seen a few other weird ones, including using DNS & web servers
-- the subdomain was used as the session key; all URLs would be
relative to that base and the DNS and web server were set up to
recognize weird arbitrary strings as valid.
--
_Deirdre Stash-o-Matic:
http://weirdre.com http://deirdre.net
"I love deadlines. I like the whooshing sound they make as they fly by."
- Douglas Adams
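
An added example, not part of the original message and not WebObjects code: a minimal sketch of URL-encoded session state that addresses the two questions raised in the thread, using an opaque random ID in the URL path (nothing to reverse engineer) and a server-side idle timeout (expiry without cookies). The `/s/<id>/` URL layout, the class name `UrlSessionStore` and the 900-second timeout are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlsplit

IDLE_TIMEOUT = 900  # seconds; assumed value for this sketch


class UrlSessionStore:
    """Server-side session state keyed by an opaque ID carried in the URL path."""

    def __init__(self, timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}  # sid -> (last_seen, state dict)
        self._timeout = timeout
        self._clock = clock

    def create(self, state):
        # 128 bits from the OS CSPRNG: the ID encodes nothing about the state,
        # so the URL holds no data that could be reverse engineered.
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (self._clock(), dict(state))
        return sid

    def rewrite(self, sid, path):
        # Every link on a generated page gets the session ID as a path prefix.
        return f"/s/{sid}/{path.lstrip('/')}"

    def resolve(self, url):
        """Return (state, remaining_path), or (None, None) if unknown or expired."""
        parts = urlsplit(url).path.split("/", 3)
        if len(parts) < 4 or parts[1] != "s":
            return None, None
        sid, rest = parts[2], parts[3]
        entry = self._sessions.get(sid)
        if entry is None:
            return None, None
        last_seen, state = entry
        now = self._clock()
        if now - last_seen > self._timeout:
            # Expiry is enforced on the server; the URL itself never changes.
            del self._sessions[sid]
            return None, None
        self._sessions[sid] = (now, state)  # sliding idle timeout
        return state, "/" + rest
```

Because the ID travels in the URL, it ends up in browser history, server logs and Referer headers, so the server-side timeout is what bounds how long a leaked link stays usable.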