Comments on: no more cookies http://wonkabar.org/archives/258 linux, databases, cartoons and cornflakes Tue, 06 Jan 2009 10:56:44 +0000 http://wordpress.org/?v=2.6.2 By: Stuart Longland http://wonkabar.org/archives/258#comment-9286 Stuart Longland Sat, 24 Mar 2007 06:06:55 +0000 http://wonkabar.org/archives/258#comment-9286 Sadly, HTTP doesn't leave many avenues of session management. Either one has to use cookies to pass a session ID on the client, or it has to be passed in GET/POST variables. Since you can't pass a POST variable in a hyperlink, this means GET variables, which leave yourself open to session hijacking. (as people can simply copy & paste the URL) I know cookies are frequently abused, but how else does one accomplish some of these other tasks? Sadly, HTTP doesn’t leave many avenues of session management.

Either one has to use cookies to pass a session ID on the client, or it has to be passed in GET/POST variables. Since you can’t pass a POST variable in a hyperlink, this means GET variables, which leave yourself open to session hijacking. (as people can simply copy & paste the URL)

I know cookies are frequently abused, but how else does one accomplish some of these other tasks?

]]>