In addition, because
the cookie can remain on the client even after a session ends, it can be read in
during a subsequent session, meaning that persistence is maintained even
across long periods of time and inactivity. However, keep in mind that because
cookie acceptance is a matter ultimately controlled by the client, you must be
prepared for the possibility that the user has disabled cookie support within the
browser or has purged the cookies from their machine.
CHAPTER 18 ■ SESSION HANDLERS 447
• URL rewriting: The second method used for SID propagation simply involves
appending the SID to every local URL found within the requested page. This
results in automatic SID propagation whenever the user clicks one of those local
links. This method, known as URL rewriting, removes the possibility that your
site's session-handling feature could be negated if the client disables cookies.
However, this method has its drawbacks. First, URL rewriting does not allow for
persistence between sessions, because the process of automatically appending
a SID to the URL does not continue once the user leaves your site. Second, nothing
stops a user from copying that URL into an e-mail and sending it to another
user; as long as the session has not expired, the session will continue on the
recipient's workstation. Consider the potential havoc that could occur if both
users were to simultaneously navigate using the same session, or if the link
recipient was not meant to see the data unveiled by that session.
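
The two propagation methods above, written as PHP session settings, with the cookie-only form that keeps the SID out of URLs. This is an added example, not code from the book; it assumes PHP 7.3 or later and an HTTPS site, and the constant and helper names are hypothetical.

```php
<?php
// Added example (not from the book). Assumes PHP 7.3+ and an HTTPS site.

// URL rewriting as described above: the SID rides in every local link,
// so a copied URL carries the live session to whoever receives it.
const SID_IN_URL = [
    'use_cookies' => 0, 'use_only_cookies' => 0, 'use_trans_sid' => 1,
];

// Cookie-only propagation: the SID never appears in a URL.
const SID_IN_COOKIE = [
    'use_cookies'      => 1,
    'use_only_cookies' => 1,   // ignore a SID passed in the query string
    'use_trans_sid'    => 0,   // do not rewrite links
    'use_strict_mode'  => 1,   // refuse SIDs the server did not issue
    'cookie_httponly'  => 1,   // hide the cookie from page scripts
    'cookie_secure'    => 1,   // send it over HTTPS only
    'cookie_samesite'  => 'Lax',
];

// Hypothetical helper: rebuild the requested URL without the SID parameter.
function url_without_sid(string $requestUri, string $sidName): string
{
    $path = '/' . ltrim((string) parse_url($requestUri, PHP_URL_PATH), '/');
    parse_str((string) parse_url($requestUri, PHP_URL_QUERY), $query);
    unset($query[$sidName]);
    return $query ? $path . '?' . http_build_query($query) : $path;
}

session_start(SID_IN_COOKIE);

// An old rewritten link was followed: drop the SID from the address bar so
// it is not bookmarked, logged, or forwarded again.
if (isset($_GET[session_name()])) {
    header('Location: ' . url_without_sid($_SERVER['REQUEST_URI'], session_name()), true, 302);
    exit;
}

// Cookies may be disabled or purged: a form post that arrives without the
// session cookie gets an explanation instead of a silently empty session.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_COOKIE[session_name()])) {
    http_response_code(400);
    exit('This site needs cookies enabled to keep you signed in.');
}
```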