> What does Cookie Authentication actually mean? That you prompt users
> for username and password, and if user submits correct credentials, you
> start a session and store session ID (any kind of identifier) to a
> cookie? If so, you could also append the session ID to all the links.
> [3] However, appending session ID information to the URLs may present
> additional security issues. [4]

The difference is that you can cancel the session cookie independently of the history. Whilst cancelling the cookie is an advantage in some applications when a user may be using a shared machine (although internet cafes really ought to purge machines between users), I think the real reason it was first invented was the normal one of wanting to be different from the built in browser dialogue.

Received on Tuesday, 27 July 2004 16:50:36 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2007 14:03:54 GMT