Re: [support] Session management

5 Sep 2007


      On Tuesday 04 September 2007, Fernando Silva wrote:
...
...
I hope that helps, but I fear that it won't, because sending the
session like this will have no influence on the Drupal side. You
should take a look at Drupal session handling, and see if it uses the
same system as the built in php session handling (which appends a url
query string when cookies are not available)
It seems to me that Drupal forces the use of session management through
cookies.
It does, yes.  There are many reasons for it.  Primarily, it used to support 
GET-based sessions but it kept breaking and converting cookie-capable users 
to GET-based sessions.  GET-based sessions are inherently less secure easier 
to hijack, less user friendly, and less Google-friendly.  They're bad news 
all around.  Non-cookie sessions were removed in, I think, Drupal 4.7.
As others have said, if Flash 8 is buggy, sounds like a perfect excuse to use 
Flash 9. :-)
-- 
Larry Garfield			AIM: LOLG42
larry@garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [support] Session management