(keitai-l) Re: Session Handling for Keitai

From: nick may <nick_at_kyushu.com>
Date: 02/02/05
Message-Id: <f4283f7d0cf8774f2149015ada3c129e@kyushu.com>

Clever, and I for one had not thought of it...

... but assuming you are doing URI parsing (which can be problematic 
on Apache 1.x because of the MultiViews problem), why would absolute 
addresses be a problem if you just need the OCCASIONAL absolute 
address? Just throw something in the URI that shows it is an absolute 
link, look for it when you parse the URI - if it is there, construct the 
"real address" from your path... For that link alone, you could throw 
the session id on the end... So only absolute links would be "long".

e.g., you normally do: (/foo/session)  ./virtual/directory/path/

instead do

/foo/ABSOLUTE/my/virtual/URI/path/sessionid/

(or /foo/ABSOLUTE/my/virtual/URI/path/?sessionid=xxxxx)

which tells your app to load data for

/foo/my/virtual/URI/path/

and grabs the sessionid.

Or have I misunderstood something? (It is so long since I have made a 
non-URI parsing site, I have forgotten the basics...)

Alternatively, couldn't you handle the session yourself and store the 
phone id (assuming it sends one) in a database, then assign the link a 
trivially short session id (3 digits hex) and check each "click" 
against the database to stop session hijacking... Would only work for 
phones that send their id though.

Nick

On Feb 2, 2005, at 12:42 PM, Curt Sampson wrote:

> However, it does kill your ability to do absolute URL addressing:
>
>      top level foo from anywhere
>
> which is mildly annoying.
>
> Any thoughts on these methods or other ones?
Received on Wed Feb 2 07:11:54 2005
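
The two ideas in the message above (an ABSOLUTE marker segment with the session id appended, and a short session id checked against a stored phone id on every click), sketched in Python as an added example that is not part of the original post. The in-memory `SESSIONS` dict standing in for the database, the function names, and the way the phone id is passed to `check_click` are assumptions.

```python
import hmac
import secrets

APP_PREFIX = "/foo"      # application root used in the post's examples
ABS_MARKER = "ABSOLUTE"  # marker segment proposed in the post
SESSIONS = {}            # assumed stand-in for the database: short id -> phone id


def new_session(phone_id):
    """Assign an unused 3-hex-digit session id to this phone."""
    free = [s for s in ("%03x" % n for n in range(0x1000)) if s not in SESSIONS]
    if not free:
        raise RuntimeError("session id space exhausted")
    sid = secrets.choice(free)
    SESSIONS[sid] = phone_id
    return sid


def parse_absolute(uri):
    """Split /foo/ABSOLUTE/<path>/<sid>/ or /foo/ABSOLUTE/<path>/?sessionid=<sid>
    into (real_path, sid); None if the URI is not an absolute-marked link."""
    path, _, query = uri.partition("?")
    parts = [p for p in path.split("/") if p]
    if parts[:2] != [APP_PREFIX.strip("/"), ABS_MARKER]:
        return None
    rest = parts[2:]
    if query.startswith("sessionid="):
        sid = query[len("sessionid="):]
    elif rest:
        sid = rest.pop()
    else:
        return None
    if any(seg in (".", "..") for seg in rest):
        return None  # refuse traversal segments in the virtual path
    return "/".join([APP_PREFIX] + rest) + "/", sid


def check_click(uri, phone_id):
    """Return the real path if the session id was issued to this phone."""
    parsed = parse_absolute(uri)
    if parsed is None or not phone_id:
        return None
    real_path, sid = parsed
    owner = SESSIONS.get(sid)
    if owner is None or not hmac.compare_digest(owner.encode(), phone_id.encode()):
        return None
    return real_path
```

A 3-hex-digit id has only 4096 possible values, so here it acts as a lookup key and the phone id comparison is what rejects a link copied to another handset.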