|
|
Posted by Sanders Kaufman on 10/30/07 20:07
"Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in message
news:op.t000eseg5bnjuv@metallium.lan...
> Which is no use for a 'remember me' feature as the sessionid will have to
> get to the script some way: either by GET query-string, POST value (both
> of which aren't available on the next visit) or COOKIE value (which BTW is
> the default for sessions). A cookie is the only way to implement this, and
> for security reasons I always advise clients to forget about that feature.
That sentiment always reminds me of Tony Soparano.
In one episode, a bean-counter is working on the books while Tony plots some
scheme.
Mid-sentence, Tony stops and says "Hey, turn that thing off - that cookie
shit scares the hell out of me.".
Cookies won't hurt you.
Navigation:
[Reply to this message]
|