floater
Java Jedi
Chief Moderator
Posts: 3233
Points: 421
Posted at 2003-06-24 02:04
1. You need to have a way to identify clients.
2. A cookie in memory is pretty safe.
3. The cookie is used for the session only; *** identifies the identity.
4. Crossing servers/apps is a pain in terms of maintaining sessions across apps/servers.
5. The content in the cookie is one-way hashed, somewhat business-meaningless, and time-dependent.
6. Some session mechanisms are cookie-oriented too.
7. Hijacking the session is useless unless you have the *** too to identify yourself.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." - Martin Fowler, Refactoring - Improving the Design of Existing Code
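Point 5 of the post above, sketched as an added example that is not part of floater's post: a cookie value built from a random id, an issue time and a keyed one-way hash. HMAC-SHA256, the 30-minute lifetime and all names (`issue_cookie`, `check_cookie`, `SERVER_KEY`) are assumptions; the post names no algorithm.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a secret known only to the server (constructed here per run).
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 30 * 60  # assumed session lifetime


def _mac(session_id: str, issued_at: int) -> str:
    """Keyed one-way hash over the id and the issue time."""
    msg = f"{session_id}.{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(now: Optional[int] = None) -> str:
    """Return an opaque cookie value: random id, issue time, keyed hash."""
    issued_at = int(time.time()) if now is None else now
    session_id = secrets.token_urlsafe(16)  # carries no business meaning
    return f"{session_id}.{issued_at}.{_mac(session_id, issued_at)}"


def check_cookie(value: str, now: Optional[int] = None) -> Optional[str]:
    """Return the session id if the cookie is authentic and fresh, else None."""
    now = int(time.time()) if now is None else now
    parts = value.split(".")
    if len(parts) != 3:
        return None
    session_id, issued_raw, tag = parts
    if not (issued_raw.isascii() and issued_raw.isdigit()):
        return None
    issued_at = int(issued_raw)
    expected = _mac(session_id, issued_at)
    # Constant-time comparison so the hash cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # Time dependence: reject values that are too old or dated in the future.
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None
    return session_id
```

The cookie only names a session; it does not establish who the user is, which matches points 3 and 7 of the post.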