Re: Session communication
Re: Session communication
- Subject: Re: Session communication
- From: PA <email@hidden>
- Date: Thu, 17 Mar 2005 21:44:28 +0100
On Mar 17, 2005, at 21:31, Sam Barnum wrote:
I've done a little toying around with something similar. When a user
logs in, I register that session at the application level, and call
logout() on any existing registered sessions for the same user which
haven't already been closed or logged out of. Logging out removes the
session from the application session list.
This is all good and well, but... why use session in the first place
then?
The point of sessions, as practiced by the church of Cupertino, is to
provide a random identifier for a period of time. This is obviously not
what you want as you already can uniquely identify your users thanks to
their credentials. Sessions simply get in the way at that point.
So why not use what HTTP already provides for identifying users across
HTTP requests, namely HTTP authentication?
http://www.faqs.org/rfcs/rfc2617.html
Cheers
--
PA, Onnay Equitursay
http://alt.textdrive.com/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden