Timeline for Storing session key in a hidden field
Current License: CC BY-SA 3.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 29, 2015 at 16:14 | vote | accept | PhillyNJ | ||
| Jun 29, 2015 at 15:04 | comment | added | svidgen | @PhillyNJ See my addendum. Maybe that speaks more to what you're trying to do ... | |
| Jun 29, 2015 at 15:04 | history | edited | svidgen | CC BY-SA 3.0 |
added 1022 characters in body
|
| Jun 29, 2015 at 14:57 | history | edited | svidgen | CC BY-SA 3.0 |
added 1022 characters in body
|
| Jun 29, 2015 at 14:46 | comment | added | svidgen | @PhillyNJ Yep. My assumption is that that action constitutes either the modification of an existing session sub-system or the creation of a new one. In either case, it'll be wise to consider the first two bullets above. And the third bullet is a consideration that is implicit to the cookie to not-cookie change. | |
| Jun 29, 2015 at 12:28 | comment | added | PhillyNJ | Understood. Also, either I dont understand your answer or you misunderstood my question. I am not implementing my own Session Management Library, but rather want to store a KEY in a hidden field. This key would be used to identify which session belongs to which tab or window. | |
| Jun 26, 2015 at 20:38 | comment | added | svidgen | @PhillyNJ I'm not saying you should use cookies; I'm saying cookies and prepackaged session management systems come with some protections against XSS that you need to be aware of when you're implementing a new, cookieless session management system. | |
| Jun 26, 2015 at 20:32 | comment | added | PhillyNJ | Question - Isnt cookies a moot point since a cookie is shared across all instances? | |
| Jun 26, 2015 at 20:22 | history | answered | svidgen | CC BY-SA 3.0 |