RTC Forums
November 24, 2024, 10:05:03 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: clearing session Id from URL  (Read 4989 times)
clockon
RTC Expired
*
Posts: 22


« on: April 04, 2014, 04:49:07 AM »

hi

There may be no way around this, I just want to ask the question.

If you don't have cookies enabled and the server relies on the browser query having the session id:

www.google.com.au/?sid=1234567890

if you store information against the session using that id, then the user opens another window to the site or manually keys in the url:

www.google.com.au/

the sessionId is not supplied so the request opens a new session and the data stored against the session is no longer available for that window. Is there anyway to get the session id without a cookie or is that just a limitation on browsers?
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: April 04, 2014, 08:03:25 AM »

To my knowledge, it isn't possible.

Also, from Servers point of view, a new Browser Window is a new Client, which requires a new Session ID. Would a user copy the complete URL with the Session ID and try executing a query in both Windows at the same time, one of them would not be able to lock the Session for access, because Session access is exlusive to one physical connection at a time.

Best Regards,
Danijel Tkalcec
Logged
clockon
RTC Expired
*
Posts: 22


« Reply #2 on: April 04, 2014, 02:49:45 PM »

Yeh kool it's what I figured but thought id ask the question thanks Smiley
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.023 seconds with 16 queries.