Monday, 13 October 2008

Session Cookies and Application Strategy

- Do you need protection_forgery? Yes!
- Does a browser need cookies turned on? Yes!
- Is there no other way around it? No!
Passing information in the URL is neither RESTful nor safe!
- What about people that have their cookies turned off?
We have to let them know that cookies are safe in the context of our application: they hold no personal information and they are encrypted.
- What about mobile phone browsers that mostly have no cookie capabilities?
Same as cookies turned off, maybe adding something about mobile phones too.
The user can set up his account as "Mobile Phone Enabled" from a web browser. There we tell them about the cookie problem, but give them the solution of having the application use the IP as the cookie key, with the small problem that if their provider issues them a new IP during the session, they will have to log in again.
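
A sketch of the IP-as-key fallback described above, added here as an illustration and not code from the original application. The class name, method names, return symbols and addresses are all assumptions. It shows the relogin after an address change, and one more case the design has to handle: since the IP is the only key, a second account arriving from the same address must be refused, or it would be handed the first account's session.

```ruby
# Added illustration with hypothetical names; sample users and IPs are constructed.
class IpKeyedSessions
  Session = Struct.new(:user, :ip, :expires_at)

  def initialize(ttl: 1800, clock: -> { Time.now })
    @ttl = ttl
    @clock = clock
    @by_ip = {}
  end

  # Only accounts flagged "Mobile Phone Enabled" may fall back to the IP key;
  # everyone else keeps the cookie-based session.
  def login(user, ip, mobile_enabled:)
    return :cookie_required unless mobile_enabled
    existing = current(ip)
    # Refuse a different account on an address that already has a live session.
    return :ip_in_use if existing && existing.user != user
    @by_ip[ip] = Session.new(user, ip, @clock.call + @ttl)
    :ok
  end

  # Returns the live session for this address, or nil (caller must log in).
  def current(ip)
    session = @by_ip[ip]
    return nil unless session
    if session.expires_at <= @clock.call
      @by_ip.delete(ip)
      return nil
    end
    session
  end
end

def demo
  now = Time.at(0)
  store = IpKeyedSessions.new(ttl: 600, clock: -> { now })
  results = {}
  results[:desktop] = store.login("alice", "198.51.100.7", mobile_enabled: false)
  results[:mobile]  = store.login("bob", "203.0.113.10", mobile_enabled: true)
  results[:same_ip] = store.current("203.0.113.10")&.user
  # Provider hands out a new address mid-session: no session, relogin needed.
  results[:new_ip]  = store.current("203.0.113.99")
  results[:shared]  = store.login("carol", "203.0.113.10", mobile_enabled: true)
  now += 601 # past the TTL, the IP-keyed session is gone
  results[:expired] = store.current("203.0.113.10")
  results
end
```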

