Wed 29 Aug, 2007 04:49 pm
I was on a thread, and I wanted to link to a website. I noticed that the web address had a "session ID" suffix. I seem to remember, somewhere in the mists of time, that session IDs were dangerous, because they could open a computer user to hackers.
I tried to lop off the "session ID", but then the link did not work.
Am I remembering correctly, and what can I do to link to the page that is not dangerous?
Don't worry, Phoenix. SessionIDs are harmless - in fact without one you can't even use HTTP (it's how the web server knows which browser is requesting which page). You always have a sessionID, but it's usually hidden; some web applications display it (they are using the POST method rather than GET - but that's another boring diatribe).
In a lot of ways sessionIDs are much less invasive than using cookies to track the user's path through a web site. A cookie persists past the current session - the sessionID only works until the browser is closed or the session timeout is reached through inactivity (typically 15 to 30 minutes).
The one downside of showing sessionIDs in URLs is that if people bookmark them or send them to other people they won't work (because the session has lapsed or was initiated by another browser).
<fluff>
Thanks for the explanation, Hingehead!