C
Chip
I'm having some serrious issues with this method. I love the fact that you
don't need to worry about users not accepting cookies, but... The issue is
using the complete URL, with session id, in bookmarks and links. I thought I
had read that this wouldn't matter -- if someone bookmarked a URL, and went
to the site with an old session id embedded it would simply issue a new
session id. This doesn't happen. I've had the following problems:
* Using an incorrectly formed sessionid in the link: Resource can't be found
* Using an old session id in the link: session is timed out
* Using an old session id in the link: multiple users within the same
session -- this one is very troubling.
Please tell me if I may be doing something wrong here. These issues are
killers and I can't see how anybody can use this system when it's a security
risk.
Chip
don't need to worry about users not accepting cookies, but... The issue is
using the complete URL, with session id, in bookmarks and links. I thought I
had read that this wouldn't matter -- if someone bookmarked a URL, and went
to the site with an old session id embedded it would simply issue a new
session id. This doesn't happen. I've had the following problems:
* Using an incorrectly formed sessionid in the link: Resource can't be found
* Using an old session id in the link: session is timed out
* Using an old session id in the link: multiple users within the same
session -- this one is very troubling.
Please tell me if I may be doing something wrong here. These issues are
killers and I can't see how anybody can use this system when it's a security
risk.
Chip