[PLUG] [off-topic] Question about Session Support Mechanisims

Kyle R . Burton on Thu, 27 Mar 2003 10:19:23 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] [off-topic] Question about Session Support Mechanisims

From: "Kyle R . Burton" <mortis@voicenet.com>

To: PLUG <plug@lists.phillylinux.org>

Subject: [PLUG] [off-topic] Question about Session Support Mechanisims

Date: Thu, 27 Mar 2003 10:18:01 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

First, this is off topic for a Linux mailing list. For that I appologise. I'm hoping that someone on the list with releveant experience/expertiese will be able to help. We're working with a client that has contracted out their web-site development to a third-party consulting company. This third party company has used IIS/ASP to implement their current web-site. The web-site has requirements to support accessibility guidelines, including a requirement to support browsers that do not support cookies. We're making security related recommendations to our client, and some of the security issues (for example, authentication) rely on tracking state, hence we're recommending they implement sessions. Some of the software we've used before supports a switch that effectivly enables an out-bound filter that rewrites all the URIs in text/html content and adds in the session id as a query parameter. This is nice because the developers and content maintainers don't need to do anything to support it. (The filter would even inject the session id into forms as a hidden variable.) We don't have any IIS/ASP gurus here, so I'm looking to see if anyone has had any experience in working with sites that use ASP, and did URI encoded session ids. Is there a plug-in that can make the development and maintenece easier? Does ASP have some kind of support for it? Or would this fall to the third-party consulting company having to roll their own session handling system, and subsequently be ultra-vigilant in writing the pages to always include a session id as a query parameter? Unfortunately due to the nature of our relationship with the client, we can not recommend that they migrate off of their current platform (the cost and time necessary to re-develop the existing site is unacceptable). Any advice/discussion is appreciated. Kyle R. Burton -- ------------------------------------------------------------------------------ Wisdom and Compassion are inseparable. -- Christmas Humphreys mortis@voicenet.com http://www.voicenet.com/~mortis ------------------------------------------------------------------------------ _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] [off-topic] Question about Session Support Mechanisims
From: Tobias DiPasquale <toby@cbcg.net>

Re: [PLUG] [off-topic] Question about Session Support Mechanisims
From: "mike.h" <mike.h@stemik.com>

Prev by Date: Returned mail - nameserver error report

Next by Date: Returned mail - nameserver error report

Previous by thread: Returned mail - nameserver error report

Next by thread: Re: [PLUG] [off-topic] Question about Session Support Mechanisims

Index(es):

Date

Thread