Cookieless sessions, passports, or other methods
Posted: Sat Mar 26, 2011 11:17 pm
I'm stepping up into managed user territory and I'm trying to find out what the "state of the art" is or the options are besides the usual cookies and php sessions. For my site's purpose, I'm interested in using Shibboleth and LDAP to authenticate users. I've been working on setting up the LDAP server and have it to a point where I can consider other things like sessions/user tracking, plus iframe and wap applications.
In my day job, I work with a couple of web applications from a couple of vendors that can really pull a vacuum at times. It is largely related to how they use cookies and sessions. I don't mind using first party cookies, but they are going to be problematic for iframes and cell phone apps. I thought is there was a better way to deal with all this, I might as well learn it now.
I've done a little searching on cookieless sessions, but haven't found much yet that was new or authoritative. I read a thread here that mentioned passports, but it wasn't explained.
I would really like to hear your opinions and suggestions on things I've mentioned.
Thank you
In my day job, I work with a couple of web applications from a couple of vendors that can really pull a vacuum at times. It is largely related to how they use cookies and sessions. I don't mind using first party cookies, but they are going to be problematic for iframes and cell phone apps. I thought is there was a better way to deal with all this, I might as well learn it now.
I've done a little searching on cookieless sessions, but haven't found much yet that was new or authoritative. I read a thread here that mentioned passports, but it wasn't explained.
I would really like to hear your opinions and suggestions on things I've mentioned.
Thank you