Keith.Morgan wrote: >I've always had a problem with using cookies or session variables for >authentication mechanisms. These rely on client-side output. Session >variables in IIS are really just temporary cookies. I could get into a >whole rant about "best practices" regarding cookies, session auth etc... but >that's not really the purpose of my reply. > >What I really want to know is, how does apache deal with cookies, sessions, >etc... Has anyone tested to see if apache will accept user supplied cookie >values? > Well, sure it would. But Apache is not an application server, it is only a web server. Apache doesn't care what GPC values you set, it only passes them on to whatever application you are running. -b -- #===================================================================# # More dead people have written in support of Microsoft against the # # DOJ than any other single group, leading UMSA (United MS Shills # # of America) President Steve Barkto to lodge a formal complaint. # #===================================================================#
This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 15:15:30 PDT