Persisting Authentication

Results 1 to 2 of 2

Thread: Persisting Authentication

  1. #1
    Join Date
    Dec 1969

    Default Persisting Authentication

    I&#039;m working on a commercial site that has paid subscriptions, and my client has asked that it be reasonably secure (the more secure the better, but he doesn&#039;t want ssl security). I have heard so many negative things about using Session variables so I have tried setting it up without, using cookies for holding a guid session key, and a url parameter that holds the acct number. I don&#039;t like it at all. It seems very messy - putting in the acct number parameter on every link to keep from losing it.<BR><BR>IS there a better way? I&#039;m an intermediate ASP user - not like most of you gurus. Would REALLY appreciate your help.<BR><BR>Thanks <BR><BR>G. Michael.

  2. #2
    Join Date
    Dec 1969

    Default RE: Persisting Authentication

    Session vars aren&#039;t as bad as they were with the cheapness of memory and processing power these days, and are fine if you keep the data small.<BR><BR>plain cookies are OK, but hijackable (then again, so are sessions, but in a shorter window of time).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts