| Re: multiple visitors at the same time [message #182989 is a reply to message #182985] |
Tue, 01 October 2013 12:05   |
Richard Damon
Messages: 58
Registered: August 2011
Karma:
|
Member |
|
|
On 9/30/13 11:37 PM, Michael Vilain wrote:
> Most session IDs without a login aren't sufficiently unique. You'll
> need to have additional criteria to ensure that to machines with the
> same browser and hardware connecting to your server from the same IP
> address are able to be differentiated between the two. That's up to
> you. You sound like you need to do a lot of reading up on this before
> you come up with a viable solution. Publically available stuff without
> first authenticating the user will only get you so far.
>
Session IDs with or without login MUST be unique, or your sessions are
broken (session logic MUST give a new id number to anything starting a
session, or you don't have real sessions). Multiple connections from the
same IP will be given different sessions.
Using a session ID without a login will mean that any work the user does
will be forgotten when the session expires.
What adding a login does is to allow you to put into the session a user
id from the login, so that the data from the user can persist from one
session to another.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]