Simple answer ... there is no easy reliable alternative to:
a. cookie
b. Stick it in the request URL and/or data ... many alternatives in the
details
Basically, the session id must be sent from the client to the server with
every request. If you use HTTP Authentication, the concept of a session is
orthoginal to authentication as the authentication process is repeated
under the covers with each request ... in most cases as long as the
browser process remains active. If you implement authentication as part
of your application (e.g., HTML forms based) then you can choose to
associate successful authentication with some form of session OR you can
mimic the HTTP authentication and resend the credentials with each
request.
Your choices may be limited by your choice of server, client, etc.
On Wed, 11 May 2005, Florian Weimer wrote:
* Gaurav Vaish:
"Authentication through forms" is not the way that HTTP authentication
works. If you would be doing HTTP authentication*
You do need cookies then or you can use a special 'session id' option in
the tag.
I understand that and know how the HTTP Authentication works.
All I was interested in was... whether there's some way, other than
cookie or "session-ID" option (ugly parameter to URL) through which I
can track the session.
You could put the session ID in the domain name, but this is a bad
idea for various reasons.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf