Kyle R . Burton on Thu, 27 Mar 2003 10:19:23 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] [off-topic] Question about Session Support Mechanisims


First, this is off topic for a Linux mailing list.  For that I appologise.
I'm hoping that someone on the list with releveant experience/expertiese
will be able to help.


We're working with a client that has contracted out their web-site
development to a third-party consulting company.  This third party
company has used IIS/ASP to implement their current web-site.  The
web-site has requirements to support accessibility guidelines, including
a requirement to support browsers that do not support cookies.

We're making security related recommendations to our client, and some
of the security issues (for example, authentication) rely on tracking
state, hence we're recommending they implement sessions.

Some of the software we've used before supports a switch that effectivly
enables an out-bound filter that rewrites all the URIs in text/html 
content and adds in the session id as a query parameter.  This is nice
because the developers and content maintainers don't need to do anything
to support it.  (The filter would even inject the session id into forms
as a hidden variable.)

We don't have any IIS/ASP gurus here, so I'm looking to see if anyone
has had any experience in working with sites that use ASP, and did
URI encoded session ids.  Is there a plug-in that can make the development
and maintenece easier?  Does ASP have some kind of support for it?  Or
would this fall to the third-party consulting company having to roll
their own session handling system, and subsequently be ultra-vigilant 
in writing the pages to always include a session id as a query parameter?

Unfortunately due to the nature of our relationship with the client, we 
can not recommend that they migrate off of their current platform (the
cost and time necessary to re-develop the existing site is unacceptable).


Any advice/discussion is appreciated.

Kyle R. Burton

-- 

------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
        -- Christmas Humphreys
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug