Loading ...
Sorry, an error occurred while loading the content.

383Re: Enforcing Cookieless Sessions

Expand Messages
  • Joshua Chamas
    May 13, 2002
      Ben Soares wrote:
      >
      > ...
      > One question, I know you can have cookieless sessions if the browser has
      > cookies disabled, but I would like to know if you can *force* cookieless
      > sessions.
      >
      > Basically, I am ensuring that the "session-id=$Session->{SessionID}" appears
      > in each link/form from each page, and I have set SessionQuery in the
      > httpd.conf file (although I have not set SessionQueryParse or
      > SessionQueryMatch -- I don't think I need to since I'm doing it "manually").
      >
      > This all seems to work fine except for my problem: I want a user to be able
      > to login again (different user) and start with a new Session. Unfortunately,
      > Apache::ASP seems to be setting a cookie regardless and this is interfering
      > with my new Session. Naturally I cannot ensure users will have cookies
      > disabled in their browser.
      >

      You can use the $Session->Abandon method when a user logs out, or can
      clear the session when processing the login as in

      %$Session = ();
      # then set user authentication data

      If neither of these cover your case, then we can probably get for you
      a configuration like:

      PerlSetVar SessionQueryForce 1

      I can see the value in the configuration, but won't do it unless
      there is the need.

      --Josh
      _________________________________________________________________
      Joshua Chamas Chamas Enterprises Inc.
      NodeWorks Founder Huntington Beach, CA USA
      http://www.nodeworks.com 1-714-625-4051

      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Show all 5 messages in this topic