While I agree that concern with passers-by memorizing or writing down a session ID in the URL is excessive (especially since most sites' session IDs are tacked onto the end of a URL that's large enough that it isn't all displayed on the screen anyhow), putting it in the URL also means that it will be recorded in the server's access log as well as any intermediate proxy logs. Those logs may be readable by untrusted third parties, creating a possible threat. (I wouldn't go so far as to call it a likely threat, but it's nowhere near as remote a possibility as someone looking over your shoulder and getting it off the screen.)
In any case, like you, I've pretty well taken the position that cookies are a fact of life if you want to log in to a site, so just enable them (but disable third-party cookies if your browser has that option) and get on with it.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|