undefined | Better HN

Skip to content

Top New Best Ask Show Jobs

undefined | Better HN

0 pointshueving11y ago0 comments

You can carry the session ID in the URL. This also has the benefit of eliminating XSRF. The downside is that you have a horrendous URL if that type if thing bothers you, and you can't have a "remember me" check box in your login.

0 comments

amatix11y ago

This approach has some massive downsides - the session ID is sent via Referer to outbound links, URLs are logged all over the place (including browser histories), it's easy for people to publicly share it without thinking which then ends up in Google as well...

al2o3cr11y ago

Partying like it's LITERALLY 1999...

lutoma11y ago

That's a horrible suggestion, it's not 1999 anymore…

j / k navigate · click thread line to collapse