Re: Cookieless Sessions (Sessions Without Cookies) and Security

---

• From: "scottymo" <scottm@xxxxxxxxxxxxxxxxxx>
• Date: 29 Sep 2006 10:47:12 -0700

---

Thanks for the quick reply.

Some suggest that SSL is the cure all for cookieless sessions. I did
not want to due this initially, but if will allow the secure use of
cookieless sessions, it may be the only option. What are your thoughts?
Does SSL close the security gaps opened by cookieless sessions, or at
least make them as secure as sessions with cookies?

Here is another thought: are sessions with cookies really that much
more secure than cookieless sessions? If someone knows how to obtain
your URL from a remote location, that same person can probably spoof
your cookie.

.

---

• Follow-Ups:
  • Re: Cookieless Sessions (Sessions Without Cookies) and Security
    • From: Dominick Baier

• References:
  • Cookieless Sessions (Sessions Without Cookies) and Security
    • From: scottymo
  • Re: Cookieless Sessions (Sessions Without Cookies) and Security
    • From: Dominick Baier

• Prev by Date: Re: Cookieless Sessions (Sessions Without Cookies) and Security
• Next by Date: Authentication Sharing Across Apps
• Previous by thread: Re: Cookieless Sessions (Sessions Without Cookies) and Security
• Next by thread: Re: Cookieless Sessions (Sessions Without Cookies) and Security
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)