Re: [Cppcms-users] Web Service session management
Brought to you by:
artyom-beilis
Menu
▾
▴
Re: [Cppcms-users] Web Service session management
|
From: Artyom B. <art...@ya...> - 2012-01-27 12:39:56
|
> From: Leon <le...@wl...> > > Hi, > > Cppcms uses cookies to manage session. This is fine if the client is a > browser. However, if the client is not a browser, cookie support may > not available. In this case how can we manage sessions? What is the > best practice? > > Thanks. > Any decent HTTP client supports cookies, so there is no reasons to to use them with non-browser clients. There is a very good reason to use Cookies for session management security, see for example this: <http://cppcms.com/wikipp/en/page/secure_programming#Session.handling.is.cookie.based> And if even there is no "referrer" issue, passing session id via URL for example exposes it in web server logs, proxy servers logs and so on. So the best is to use Cookies, this is what they were designed for keeps the state of the stateless HTTP protoco Artyom Beilis ------------- Support CppCMS by donating money: https://sourceforge.net/donate/index.php?group_id=209965 |
