Simple answer ... there is no easy reliable alternative to:
a. cookie
b. Stick it in the request URL and/or data ... many alternatives in the
details
...neither of which are good places to store authentication tokens if exposure
of such tokens would compromise either the resource being accessed
or the user's identity. neither cookies nor URLs are typically well-protected
against accidental exposure. they were not designed to be used for
authentication.
see RFC 2964 for more on use of cookies.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf