I am looking for non-cookie based session management in node.js, something like passing a parameter in the URL like &session_id=. It will know that the session has expired when a request comes with a session_id. I've looked at the connect library, but it looks like it is cookie based only.
Warning

Passing the session id as a parameter is considered bad practice. Why? It is dangerous because people don't care about the session id, and they publish/share links with their session ids inside.

It's also a problem because when a user clicks an external link on the web, and goes to another site, that new site will be able to see the session_id in the referrer link.

So I don't think it is a good idea. Cookies are more secure.

Have a look at: Session Hijacking
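
The cookie-based approach the answer recommends, combined with the expiry check the question asks about, as an added example that is not part of the original posts. The cookie name `sid`, the 30-minute timeout, the in-memory store and all function names are assumptions made for illustration.

```javascript
// Added example: session ID carried in a cookie, expiry enforced server-side.
const crypto = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000;   // assumed 30-minute idle timeout
const sessions = new Map();              // id -> { user, expiresAt }

function createSession(user, now = Date.now()) {
  const id = crypto.randomBytes(32).toString('hex'); // unguessable 256-bit ID
  sessions.set(id, { user, expiresAt: now + SESSION_TTL_MS });
  return id;
}

// Value for the Set-Cookie response header. A cookie is not part of the URL,
// so it is not copied into shared links or the Referer header.
function sessionCookie(id) {
  return `sid=${id}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${SESSION_TTL_MS / 1000}`;
}

// Extract the session ID from a request's Cookie header.
function readSessionId(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}

// Returns the session, or null if it is unknown or expired (expired entries are purged).
function validate(cookieHeader, now = Date.now()) {
  const id = readSessionId(cookieHeader);
  const s = id && sessions.get(id);
  if (!s) return null;
  if (now >= s.expiresAt) { sessions.delete(id); return null; }
  s.expiresAt = now + SESSION_TTL_MS;    // sliding expiry on each valid request
  return s;
}

// Detection aid: flag a URL (or a logged Referer value) that carries session_id.
function urlCarriesSessionId(url) {
  try { return new URL(url).searchParams.has('session_id'); }
  catch { return false; }                // not a parseable absolute URL
}
```
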