Someone told me session/coockieless doesnt work in

R

raniemindidly

New Member
Hi,<BR><BR>Someone told me sessions with coockieless only work with IE, <BR>and not with the other browsers,... is it true?<BR><BR>1. if this is true is it possible that IE have another ways to control people that are conected, dispensing cookies and using other ways to know who I am, as internal power feature for them?<BR><BR>2. if it really goes only by the url that way we loose the confidencialittie of some info because of everything going through the URL? per example, a username or the last digits of a VISA card?<BR><BR><BR>cheers,<BR>JV<BR>-->Someone told me sessions with coockieless only work with IE, <BR>and not with the other browsers,... is it true?<--<BR><BR>NOT TRUE, IT IS FALSE<BR><BR>The browser is *ONLY* a piece of software that is installed on your computer. This piece of software enables you to view HTML pages. They have a build in interpreter that can read HTML and some <script's><BR><BR>Search on Session variables, they generated by the server/cookies that's why cookies need to be enable on the users browser. If not then no Session variables can existe.<BR><BR><BR>I assume you are referring to setting session state saving to "cookieless" in config. If so, then the server will actually munge your session information into the URL automatically, so I'm going to guess that it will work on most browsers (although I could be wrong).<BR><BR>As for personal information being exposed in the URL query string, I think you're confusing session information with "get" form posts, where name and value pairs are displayed in the querystring. Although I haven't used the cookieless functionality, they'll probably generate some random session Id and use that... I can't see any scenario where personal information would be used as an identifier.Yea, it actually works great in cookieless mode in all browsers...even on my crappy palm device!<BR><BR>It just puts a string in the url like...<BR><BR>http://www.domain.com/(dkjh4587khj34lkjh346kj)/page.aspx<BR><BR>...it does it all for you, really simple. Security is not an issue as far as it passing stuff in the QS like you may have been thinking. But they CAN add that page to their favorites and return to it....that MAY be an issue on some sites.
 
You must log in or register to reply here.
Back
Top