Session ID question.

Results 1 to 5 of 5

Thread: Session ID question.

  1. #1
    Join Date
    Dec 1969

    Default Session ID question.

    Hello all. I will start developing a website for the client next week. I already have an idea on how I&#039;m going to do it. There is one thing, however, I would like to get your opinion on. I&#039;ve seen some websites ( for example) where they pass session id in the URL. Is it a good idea ? What are drawbacks? The one I can think of is that users wont be able to start it from favorites. Are there others ? Are there any advantages ? Any kinda input is greatly appreciated.<BR>Tia.

  2. #2
    Join Date
    Dec 1969

    Default RE: Session ID question.

    I, generally, use the built-in Session management that ASP provides. Knowing that it doesn&#039;t work when cookies are disabled, I figure it&#039;s a risk I&#039;m willing to take becausethe majority of my audience has them enabled.

  3. #3
    Join Date
    Dec 1969

    Default I agree with God...

    Passing the session id in the querystring is just nutso. Among other things, it&#039;s just *asking* to get hacked.<BR><BR>Granted, the sessionID is not 100% secure even when you let ASP handle it for you (it has to be stored in a temporary cookie in the user&#039;s browser, but at least it is heavily encrypted!), but it&#039;s a lot more secure that chucking it into the URL. Not to mention easier. Not to mention the disadvantage you noted.<BR><BR>

  4. #4
    mauriciovladimir2003 Guest

    Default If you filter data acording your login?

    maybe page.asp?id=15 only gets the data of the id 15...<BR><BR><BR>Yes you must use session variables.<BR>

  5. #5
    Join Date
    Dec 1969
    Los Angeles, CA

    Default The point being?? <eop>


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts