Can I Identify Users/sessions Without Password Protection

Can I Identify Users/sessions Without Password Protection


  • 2 Feb, 2012

    The most usual (but browser-dependent) way to do this is to set a cookie.If you do this, you are accepting that not all users will have a 'session'.An alternative is to pass a session ID in every GET URL, and in hiddenfields of POST requests. This can be a big overhead unless _every_ pagerequires CGI in any case.Another alternative is the Hyper-G[1] solution of encoding a session-id inthe URLs of pages returned:http://hyper-g.server/session_id/real/path/to/pageThis has the drawback of making the URLs very confusing, and causes anybookmarked pages to generate old session_ids.Note that a session ID based solely on REMOTE_HOST (or REMOTE_ADDR)will NOT work, as multiple users may access your pages concurrentlyfrom the same machine.[1] Actually I don't think that's been true of Hyper-G since sometimein '96. However, general advances in web server technology, such asApache's mod_alias or mod_rewrite, make it straightforward withoutthe need for CGI.

    Comments Received:
    Please give your suggestions and feedback:

2009-2016 downloadmela.com. All rights reserved.