Re: sessions on websites

  • From: "Octavian Rasnita" <orasnita@xxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Fri, 5 Dec 2008 12:45:38 +0200

Sorry but this is not true.

It requires much more work to add the session ID in the query string for 
absolutely all the requests to your site, and it may also be a security 
problem, because if someone copies and pastes a URL to your site in an email 
and sends it to someone else, that URL will contain the session ID, and any 
other visitor that would use that link will have access with the permissions of 
the authorized user.

Of course, you can set the session to accept requests only from the same IP 
address that was used for creating the session, but that might create other 
problems for users who are behind a server that changes the IP address, 
possibly on each request for the same user.

The best way is to use session cookies, and this means cookies which don't have 
an expiration date, so they won't be saved on the visitor's computer and will 
be lost when closing the browser.

Octavian
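
The session-cookie approach described above, as an added example that is not part of the original message: a PHP helper that keeps the session ID out of the URL, issues a cookie with no expiration date, and gates members-only pages. The function names, the file name session_guard.php, the `user_id` key and the redirect to /index.html are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// session_guard.php (hypothetical file name; added example, not code from the thread)

// Start a session whose ID travels only in a cookie, never in the query string.
function start_cookie_session(): void
{
    ini_set('session.use_only_cookies', '1'); // ignore session IDs passed in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to append the session ID
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue

    session_set_cookie_params([
        'lifetime' => 0,      // no expiration date: cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the user ID and password have been checked against the user list.
function log_in(string $userId): void
{
    session_regenerate_id(true);    // fresh ID at login; the pre-login ID stops working
    $_SESSION['user_id'] = $userId; // hypothetical key marking a successful login
}

// Call at the top of every members-only page, e.g. contact_manager.php.
function require_login(string $loginPage = '/index.html'): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . $loginPage); // anonymous visitor: send to the login form
        exit;
    }
}

// Usage in a protected page:
//   require 'session_guard.php';
//   start_cookie_session();
//   require_login();
```

A page served as plain .html only gets this check if the web server is set up to run it through PHP; otherwise the protected page needs a .php extension.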

----- Original Message ----- 
From: "Ricks Place" <OFBGMail@xxxxxxxxx>
To: <programmingblind@xxxxxxxxxxxxx>
Sent: Friday, December 05, 2008 12:17 PM
Subject: Re: sessions on websites


> Hi:
> This is called Security. To do what you want you would have the pages you 
> want displayed flagged in some way so that when you display the links for 
> those pages only those pages allowed based on some kind of security level 
> will be displayed to each user.
> Typically you would keep a list of user Id's and Passwords in a file or 
> DataBase. Then before creating the page with the list of links you would 
> check the currently logged in user against that list. If they are on the 
> list you display the secure links along with the non-secure or often called 
> links for quote Anonymous Users.
> That whole subject can be as simple as a text file with some codes you check 
> at Page Load time or as complex as using a DataBase driven Security System. 
> The Session Variable would just be a place to hold a value like a UserId or 
> Key Code which would follow the currently logged-in user around your site 
> and be used like any other variable. Session variables do have some nasty 
> problems though and you might just put your security key or code or other 
> indication of successful login in the Page Query String. This is much easier 
> and poses many fewer problems.
> Rick USA
> ----- Original Message ----- 
> From: "Alex Hall" <mehgcap@xxxxxxx>
> To: <programmingblind@xxxxxxxxxxxxx>
> Sent: Thursday, December 04, 2008 2:53 PM
> Subject: sessions on websites
> 
> 
>> Hi all,
>> This is more on-topic than my last post, but still regarding the internet.
>> I am doing a project for web programming and will get extra credit if I 
>> can use a session to let the user go to some places and not others.  For 
>> example, anyone can go to index.html but only logged-in members can go to 
>> welcome.html or contact_manager.php.  I know I can use either cookies 
>> (which I would like to avoid as there seems to be no definitive, 
>> easy-to-understand tutorial on them) or I could use session variables in 
>> php (the only server-side language I know).  I do not understand how I can 
>> use either of these to restrict access.  For an example, go to 
>> Bookshare.org.  If you do not log in, every page offers a login form.  If 
>> you are logged in, you can visit the member homepage and you do not see 
>> the login form unless you close the browser; even going to another site 
>> and coming back will keep you logged in.  All the pages, though, are html, 
>> not php or another language.  HOW???? Thanks for any help/info.  I just 
>> want to know how to do this, I do not expect the code written for me, 
>> especially as this is a project and not something I am doing for my own 
>> education on my own time.
>>
>> Have a great day,
>> Alex
>> __________
>> View the list's information and change your settings at 
>> //www.freelists.org/list/programmingblind