(keitai-l) Session Handling for Keitai

From: Curt Sampson <cjs_at_cynic.net>
Date: 02/02/05
Message-ID: <Pine.NEB.4.61.0502021156040.8621@angelic-vtfw.cvpn.cynic.net>
How do most people handle sessions for keitai that don't return cookies?

The standard way of doing this with regular web browsers is to add a
parameter to the URL that contains the session ID, e.g.:

     /get_thing?thing_id=17&session_id=QTbBd22Xn3Y4lA8ASqUYXVQoOvCef5Qk

Of course, you need to do this for every link in the page, which adds
maybe 40 bytes per link, which gets pretty long. If you've got a dozen
links on a page, you've just added a half kilobyte to the page size,
which is 4 packets.

The code I inherited has a somewhat clever way of mitigating this: it puts
the session ID at the beginning of the URL:

     /SQTbBd22Xn3Y4lA8ASqUYXVQoOvCef5Qk/get_thing?thing_id=17

which means you can use a relative link to get a URL with the session ID
as above:

     get thing 17

Relative paths seem to work ok, with this, too; if you're at

     /SQTbBd22Xn3Y4lA8ASqUYXVQoOvCef5Qk/announce/hello

putting a link in there to

     get thing 17

will be translated by the browser by removing the ".." and the previous
component between slashes (as specified by RFC 2396) and send you to the
get_thing URI above. (Just to be safe, I've checked this in Mozilla and
on all three major carriers' phones.)

However, it does kill your ability to do absolute URL addressing:

     top level foo from anywhere

which is mildly annoying.

Any thoughts on these methods or other ones?

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA
Received on Wed Feb 2 05:42:35 2005