texte = 666--94eb2c0c8ea2f3bf19053f5ca163Content-Type: text/plain; charset=UTF-8Dale,Hi - I use a cookie - set when the user authenticates - and a session.db.Cookies are encrypted and set as HTTP_only and secure if SSL is available.The session cookie should really only be transmitted over SSL.The session.db links the cookie to the user. There is a session-time fieldin the DB which is updated on each page refresh. If session-time isgreater than the idle time setting (usually 30 minutes), then the user iskicked out and has to re-login.I haven't used the new [session] tag. Looks interesting, but unless I'mreading the spec incorrectly it looks like the [session] has to passedaround as part of the URL - or in post data. That's not something I reallywant to do.Maybe the [browserIDmatch] tag could be used as an extra check though - Iassume that should be consistent for a specific browser regardless of theactual session value?- Tom--94eb2c0c8ea2f3bf19053f5ca163Content-Type: text/html; charset=UTF-8Content-Transfer-Encoding: quoted-printable
Dale,
Hi - I use a cookie - set when th=e user authenticates - and a session.db.
Cookies a=re encrypted and set as HTTP_only and secure if SSL is available.=C2=A0 The= session cookie should really only be transmitted over SSL.
<=br>
The session.db links the cookie to the user.=C2=A0 There is a= session-time field in the DB which is updated on each page refresh.=C2=A0 =If session-time is greater than the idle time setting (usually 30 minutes),= then the user is kicked out and has to re-login.
=I haven't used the new [session] tag.=C2=A0 Looks interesting, but unle=ss I'm reading the spec incorrectly it looks like the [session] has to =passed around as part of the URL - or in post data.=C2=A0 That's not so=mething I really want to do.
Maybe the=C2=A0[brows=erIDmatch] tag could be used as an extra check though - I assume that shoul=d be consistent for a specific browser regardless of the actual session val=ue?
- Tom
---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list