Re: Session communication
- Subject: Re: Session communication
- From: Arturo Pérez <email@hidden>
- Date: Thu, 17 Mar 2005 15:49:31 -0500
HTTP authentication has all kinds of practical problems. Weak
encryption, insecurity, etc, etc, etc.
It has its place, though.
-arturo
On Mar 17, 2005, at 3:44 PM, PA wrote:

> On Mar 17, 2005, at 21:31, Sam Barnum wrote:
>
>> I've done a little toying around with something similar. When a user
>> logs in, I register that session at the application level, and call
>> logout() on any existing registered sessions for the same user which
>> haven't already been closed or logged out of. Logging out removes
>> the session from the application session list.
>
> This is all good and well, but... why use session in the first place
> then?
>
> The point of sessions, as practiced by the church of Cupertino, is to
> provide a random identifier for a period of time. This is obviously
> not what you want as you already can uniquely identify your users
> thanks to their credentials. Sessions simply get in the way at that
> point.
>
> So why not use what HTTP already provides for identifying users across
> HTTP requests, namely HTTP authentication?
>
> http://www.faqs.org/rfcs/rfc2617.html
>
> Cheers
>
> --
> PA, Onnay Equitursay
> http://alt.textdrive.com/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
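
The approach Sam Barnum describes in the quoted text (register each login at the application level and call logout() on any earlier session for the same user), as an added Java example that is not code from this thread. `AppSession`, `SessionRegistry` and the demo names are hypothetical, and no WebObjects API is used.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the framework's session object (not a WebObjects type).
interface AppSession {
    void logout(); // ends the session and removes it from the registry
}

// Application-level list of live sessions, at most one per user.
final class SessionRegistry {
    private final Map<String, AppSession> activeByUser = new ConcurrentHashMap<>();

    // Call once the login has succeeded; logs out the session it displaces.
    void register(String userId, AppSession fresh) {
        AppSession previous = activeByUser.put(userId, fresh); // atomic swap
        if (previous != null && previous != fresh) {
            previous.logout();
        }
    }

    // Call from logout and timeout. Removes the entry only if it still maps to
    // this session, so a late logout of a displaced session cannot evict the new one.
    void unregister(String userId, AppSession session) {
        activeByUser.remove(userId, session);
    }

    boolean isCurrent(String userId, AppSession session) {
        return activeByUser.get(userId) == session;
    }
}

public class SingleSessionDemo {
    static final class DemoSession implements AppSession {
        final String user; final SessionRegistry registry; boolean loggedOut;
        DemoSession(String user, SessionRegistry registry) { this.user = user; this.registry = registry; }
        public void logout() { loggedOut = true; registry.unregister(user, this); }
    }

    public static void main(String[] args) {
        SessionRegistry registry = new SessionRegistry();
        DemoSession first = new DemoSession("sam", registry);   // constructed sample user
        DemoSession second = new DemoSession("sam", registry);
        registry.register("sam", first);
        registry.register("sam", second);   // second login displaces the first
        System.out.println("first logged out: " + first.loggedOut);
        first.logout();                      // stale logout arrives late
        System.out.println("second still current: " + registry.isCurrent("sam", second));
    }
}
```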