|
|
Nicolas Alvarez wrote:
> With cookie-based login, the "something" to expire is the session data
> stored in the server and identified by the session ID stored in the
> cookie. Even if the client doesn't expire the cookie, the server
> wouldn't accept the session ID anymore once the session expires.
Exactly. Hence, there's no real need for the cookie to do anything in
order to "log out" or "expire the session" of the user, am I right? If
the user comes back to a deep page with a valid login, bounce them to
the top-level page that says "Your session has expired, please start over."
Then there's sites like (say) Facebook, where you're contractually
obligated to have only one login, so having a "logout" button makes no
sense to start with. :-)
> I would use it. I'm just arguing it's not "perfectly good", like you
> said in your first post.
That's fair enough, yes. In part because the browsers don't support it.
It's perfectly good for the process of logging someone in. What's not
perfectly good is lame browser support. :-)
--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
Post a reply to this message
|
|