• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Session IDs in Cookies
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Session IDs in Cookies

  • Subject: Re: Session IDs in Cookies
  • From: Kieran Kelleher <email@hidden>
  • Date: Mon, 27 Apr 2009 19:36:16 -0400
Is there any special considerations for woa apps where some pages are served using http and others https and where the app uses automatic redirects when the transition form one page to another dictates a schema switch?

I guess in termination, we need to be killing the cookie by replacement with a empty wosid cookie, if so what about the isSecure constructor parameter (since logout is available on every page from the PageWrapper)? ... just check the current response and decide with that?

-Kieran

On Apr 27, 2009, at 2:43 PM, Chuck Hill wrote:


On Apr 27, 2009, at 11:39 AM, Mike Schrag wrote:

Pros of Cookies
1) stateful DA urls are bookmarkable without junk in them
2) people love to send eachother URLs and nothing sucks worse than when they don't understand that it's a huge security risk to include your session id

3) You can navigate back and forth between your app and static pages and not lose your session




Cons of Cookies
1) opening multiple windows on your app is a lot more annoying because they will share the same set of cookies (so you can't easily login as two different people in dev mode)
2) if you have any issues with host names (you probably have other problems if this is the case), you can lose your cookies if the host name changes on you

On Apr 27, 2009, at 2:33 PM, Kieran Kelleher wrote:

What are the benefits of using SessionIDs in cookies over WebObjects' default sessionID in URL strategy?

-Kieran
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden




--
Chuck Hill             Senior Consultant / VP Development

Come to WOWODC'09 in San Fran this June!
http://www.wocommunity.org/wowodc09/

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Session IDs in Cookies (From: Kieran Kelleher <email@hidden>)


 >Re: Session IDs in Cookies (From: Mike Schrag <email@hidden>)


 >Re: Session IDs in Cookies (From: Chuck Hill <email@hidden>)






    

  • Prev by Date:
Re: Project Management Tools

    • 

  • Next by Date:
Re: Project Management Tools

    • 

  • Previous by thread:
Re: Session IDs in Cookies

    • 

  • Next by thread:
Inverse Relationships

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •