- From: David Woolley <david@djwhome.demon.co.uk>
- Date: Tue, 27 Jul 2004 21:19:15 +0100 (BST)
- To: w3c-wai-ig@w3.org
> What does Cookie Authentication actually mean? That you prompt users
> for username and password, and if user submits correct credentials, you
> start a session and store session ID (any kind of identifier) to a
> cookie? If so, you could also append the session ID to all the links.
> [3] However, appending session ID information to the URLs may present
> additional security issues. [4]

The difference is that you can cancel the session cookie independently of the history. Whilst cancelling the cookie is an advantage in some applications when a user may be using a shared machine (although internet cafes really ought to purge machines between users), I think the real reason it was first invented was the normal one of wanting to be different from the built in browser dialogue.
Received on Tuesday, 27 July 2004 16:50:36 UTC
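The contrast discussed in this message, between a session ID held in a cookie and one appended to every link, is sketched below as an added example that is not part of the original post. The cookie name `sid`, the in-memory `SESSIONS` store, and the `example.org` URLs are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSIONS = {}  # hypothetical server-side store: session ID -> username

def login(user):
    """Start a session; return (sid, Set-Cookie header value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["path"] = "/"
    c["sid"]["httponly"] = True
    c["sid"]["secure"] = True
    return sid, c["sid"].OutputString()

def logout(sid):
    """Cancel the session: forget it server-side and expire the cookie."""
    SESSIONS.pop(sid, None)  # without this, an ID left in a URL would still work
    c = SimpleCookie()
    c["sid"] = ""
    c["sid"]["path"] = "/"
    c["sid"]["max-age"] = 0  # tells the browser to discard the cookie now
    return c["sid"].OutputString()

def rewrite_link(url, sid):
    """URL-rewriting alternative: append the session ID to a link."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query) + [("sid", sid)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def ids_left_in_history(history):
    """Session IDs still readable in a browser history list."""
    return [v for url in history
            for k, v in parse_qsl(urlsplit(url).query) if k == "sid"]

def demo():
    sid, set_cookie = login("alice")
    # Constructed history of the same two page visits under each scheme.
    cookie_history = ["https://example.org/inbox", "https://example.org/msg?id=7"]
    url_history = [rewrite_link(u, sid) for u in cookie_history]
    clear_cookie = logout(sid)
    return sid, set_cookie, clear_cookie, cookie_history, url_history
```

A single response header removes the cookie from the browser, while the rewritten URLs keep the identifier in history, bookmarks and server logs until those are purged separately.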