Re: Session IDs in Cookies
  • Subject: Re: Session IDs in Cookies
  • From: Guido Neitzer <email@hidden>
  • Date: Mon, 27 Apr 2009 12:46:16 -0700

It depends on what I use it for. If I need predictable URLs inside a stateful application, I use the cookies. If it's an administration backend, I normally don't but tend to do it anyways so that copied URLs do not work to give the person receiving the URL access to the session.

Sometimes this is just one more tiny security feature.

And most of my apps that need bookmarkable URLs are direct action based and sessionless anyways.

cug


On 27. Apr. 2009, at 12:14 , John Huss wrote:

So which do you guys typically use?

John

On Mon, Apr 27, 2009 at 1:43 PM, Chuck Hill <chill@global-village.net> wrote:

On Apr 27, 2009, at 11:39 AM, Mike Schrag wrote:

Pros of Cookies
1) stateful DA urls are bookmarkable without junk in them
2) people love to send each other URLs and nothing sucks worse than when they don't understand that it's a huge security risk to include your session id


3) You can navigate back and forth between your app and static pages and not lose your session




Cons of Cookies
1) opening multiple windows on your app is a lot more annoying because they will share the same set of cookies (so you can't easily log in as two different people in dev mode)
2) if you have any issues with host names (you probably have other problems if this is the case), you can lose your cookies if the host name changes on you


On Apr 27, 2009, at 2:33 PM, Kieran Kelleher wrote:

What are the benefits of using SessionIDs in cookies over WebObjects' default sessionID in URL strategy?

-Kieran
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




-- Chuck Hill Senior Consultant / VP Development

Come to WOWODC'09 in San Fran this June!
http://www.wocommunity.org/wowodc09/



References: 
 >Session IDs in Cookies (From: Kieran Kelleher <email@hidden>)
 >Re: Session IDs in Cookies (From: Mike Schrag <email@hidden>)
 >Re: Session IDs in Cookies (From: Chuck Hill <email@hidden>)
 >Re: Session IDs in Cookies (From: John Huss <email@hidden>)
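
The risk raised in this thread, a copied URL carrying the session ID to whoever receives it, can be looked for in web server access logs. The following is an added example, not code from any poster in the thread: it assumes the session ID appears either as a `wosid` query parameter or as the path segment after `.woa/wo/`, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Apr/2009:12:00:01 -0700] "GET /cgi-bin/WebObjects/Admin.woa/wa/report?wosid=AAAAexampleSid0001 HTTP/1.1" 200 512
10.0.0.5 - - [27/Apr/2009:12:00:09 -0700] "GET /cgi-bin/WebObjects/Admin.woa/wo/AAAAexampleSid0001/2.7 HTTP/1.1" 200 734
192.0.2.44 - - [27/Apr/2009:12:03:40 -0700] "GET /cgi-bin/WebObjects/Admin.woa/wa/report?wosid=AAAAexampleSid0001 HTTP/1.1" 200 512
10.0.0.9 - - [27/Apr/2009:12:04:02 -0700] "GET /cgi-bin/WebObjects/Admin.woa/wa/report?wosid=BBBBexampleSid0002 HTTP/1.1" 200 512
10.0.0.7 - - [27/Apr/2009:12:05:11 -0700] "GET /cgi-bin/WebObjects/Shop.woa/wa/catalog HTTP/1.1" 200 901
"""

# Client address and request target from one log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumed URL layout: session ID as the path segment after ".woa/wo/".
PATH_SID_RE = re.compile(r'\.woa/wo/([^/?]+)/')


def session_id_from_url(url):
    """Return the session ID carried in the URL, or None if there is none."""
    parts = urlsplit(url)
    query_ids = parse_qs(parts.query).get("wosid")  # assumed query key
    if query_ids:
        return query_ids[0]
    match = PATH_SID_RE.search(parts.path)
    return match.group(1) if match else None


def shared_session_ids(log_text):
    """Map each URL-carried session ID to its client addresses, keeping
    only IDs that were presented by more than one address."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        sid = session_id_from_url(m.group(2))
        if sid:
            clients[sid].add(m.group(1))
    return {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}


if __name__ == "__main__":
    for sid, ips in shared_session_ids(SAMPLE_LOG).items():
        # Print only a prefix so the report does not itself leak the ID.
        print(f"session {sid[:4]}... used from {', '.join(ips)}")
```

A session ID seen from several addresses is a lead to review rather than proof of a shared link, since proxies and roaming clients also change addresses mid-session.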
