[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Re: Cookies at XML Europe 2004 -- Call for Participation
> > Why do sites insist on using cookies for user authentication? > > HTTP auth requires SSL for all connections or else passwords can be > stolen -- do you include that in your "setup in 5 minutes" overhead? > With cookies, you only need SSL on the login page if you make the cookie > be an opaque ID into server state that has a time-out. In general, > login cookies are more secure with less overhead. The login token stored in the cookie can always be embedded in the URL path, which is what ASP.NET does when you set the "cookieless auth" setting to true. I've also done this in non-ASP systems, though not sure how easy to configure in idealliance specific case.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|