[support] Session management

Larry Garfield larry at garfieldtech.com
Wed Sep 5 00:50:45 UTC 2007


On Tuesday 04 September 2007, Fernando Silva wrote:

> > I hope that helps, but I fear that it won't, because sending the
> > session like this will have no influence on the Drupal side. You
> > should take a look at Drupal session handling, and see if it uses the
> > same system as the built-in PHP session handling (which appends a URL
> > query string when cookies are not available)
>
> It seems to me that Drupal forces the use of session management through
> cookies.

It does, yes.  There are many reasons for it.  Primarily, it used to support 
GET-based sessions but it kept breaking and converting cookie-capable users 
to GET-based sessions.  GET-based sessions are inherently less secure, easier 
to hijack, less user friendly, and less Google-friendly.  They're bad news 
all around.  Non-cookie sessions were removed in, I think, Drupal 4.7.  

As others have said, if Flash 8 is buggy, sounds like a perfect excuse to use 
Flash 9. :-)

-- 
Larry Garfield			AIM: LOLG42
larry at garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson
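
An added example, not part of the original post: a log check showing why session IDs carried in the URL are easy to hijack, since they land in access logs and Referer headers. It assumes Apache combined log format and PHP's default session name `PHPSESSID`; the log lines and IDs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# PHP's default session name; an assumption, since a site can change session.name.
SESSION_PARAM = "PHPSESSID"

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation addresses, made-up session IDs).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Sep/2007:00:50:45 +0000] "GET /node/1?PHPSESSID=aaaa1111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Sep/2007:00:52:10 +0000] "GET /node/1?PHPSESSID=aaaa1111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Sep/2007:00:53:00 +0000] "GET /node/2 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Sep/2007:00:54:30 +0000] "GET /about HTTP/1.1" 200 300 "http://example.org/forum?PHPSESSID=bbbb2222" "Mozilla/5.0"
"""

def session_ids(url):
    """Return session IDs carried in the query string of a URL or request URI."""
    return parse_qs(urlsplit(url).query).get(SESSION_PARAM, [])

def scan(log_text):
    """Map each URL-borne session ID to the client addresses that presented it,
    and collect IDs that arrived inside a Referer header."""
    seen, leaked_in_referer = {}, set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for sid in session_ids(m["uri"]):
            seen.setdefault(sid, set()).add(m["host"])
        # A Referer carries the previous page's full URL, session ID included.
        leaked_in_referer.update(session_ids(m["referer"]))
    # One ID presented from several addresses suggests a shared or copied link.
    shared = {sid: hosts for sid, hosts in seen.items() if len(hosts) > 1}
    return shared, leaked_in_referer

if __name__ == "__main__":
    shared, leaked = scan(SAMPLE_LOG)
    print("IDs used from more than one address:", shared)
    print("IDs exposed through Referer:", leaked)
```

With cookie-only sessions, as the reply describes for Drupal, neither finding can occur because the ID never appears in a URL.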

