Session Handling With Cookies

Cookies can be used for sessions on au, SoftBank and docomo i-mode browser 2.0 handsets. See Cookies for more details.

Session Handling With URL Rewriting

Adding a session ID somewhere to the URL is the most common way to deal with any browser that is not returning cookies. Usually this is done by adding the session ID as a parameter to the query string on links, turning <a href="foo"> into <a href="foo?sid=jk2383120i13jr7t13uogf935t">. Needless to say, this is not only a fair amount of work, but can greatly increase page size on pages with a lot of links.

Another possibility is to insert the session ID into the path at the beginning of the URL. Thus, going to /index will start a new session, but /S0123456789abcdefABCDEF/index would use an existing session. Then insert a tag in the header, and make all links and images and so-on relative to that: <a href="index">, which is a link to /index, for example. This has the potential disadvantage that truly relative links (i.e., from /foo/bar a link to bam is a link to /bam, not /foo/bam, but also has the great advantage that no link rewriting is necessary. This not only saves programming time, but reduces the chance of designers writing HTML forgetting or making a mistake in whatever they need to do to include the session ID in the links they make. And of course it also makes pages much smaller if they have many links. (Using a 32-character session ID, on a page with twenty links this will save a minimum of 660 bytes, or more than five packets--about 1/2 second transfer time and 1.5 yen in packet charges.)

The bad part about using URL rewriting is that bookmarks and links that people send-around include the session ID, which can result in inadvertant session hijacking. Thus, it's best to use cookies if you can.

Session Handling With Subscriber ID

SubscriberIdentification could be theoretically be used for a session identifier, but in practice is not used because of the challenges of obtaining it. See SubscriberIdentification for details.


SessionHandling (last edited 2010-04-23 03:33:55 by MichaelReinsch)