3 posts • joined Friday 25th July 2008 12:57 GMT
Sprouts?
Dig up *sprouts* with ease? If you need to dig up your sprouts, you're doing something *very* wrong.
Session ID vs Authentication.
"When you log into a web application, you exchange your credentials for a SESSIONID cookie."
That may be true in some cases, but certainly not all. Session management should ideally be kept separate from authentication, and authentication cookies should be encrypted and validated.