|
Posted by Jerry Stuckle on 08/18/06 12:18
Rik wrote:
> lorenzdominic_@hotmail.com wrote:
>
>>Hi thanks Bartek for your help.
>>If the Session ID is "silently added" what is the need to append a
>>Session ID to a URL when not using cookies?
>
>
> The user/UA has to identify itself. There are mainly 3 possibilities:
> 1. Cookie (preferred).
> 2. POST variable
> 3. GET variable
>
>
>>As this is the way I thought I had to do it? I was appending the
>>Session ID to the URL when accessing another page.
>
>
> When using GET variables, HTTPS is a must.
>
And why is that? There's no major difference between GET and POST in
how the data is sent to the server. And the user could change the GET
param whether http or https is used.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
[Back to original message]
|