> Nicolas Alvarez wrote:
>> With cookie-based login, the "something" to expire is the session ID 
>> kept in the cookie. Even if the client doesn't expire the cookie, the 
>> server wouldn't accept the session ID anymore once it expires.
> 
> No. If the only thing you're expiring is the cookie, then there's no 
> point in having the cookie. The cookie is there to track some state on 
> the server and associate it with the user's session. The cookie by 
> itself isn't useful. It's the cookie's association with the row in the 
> database representing the shopping cart or whatever that's useful.

With cookie-based login, the "something" to expire is the session data 
stored in the server and identified by the session ID stored in the 
cookie. Even if the client doesn't expire the cookie, the server 
wouldn't accept the session ID anymore once the session expires.

Better like that?

> Basically, the problem is "http auth is lame, because browsers implement 
> it in a lame way, so we're not going to use it, so browser authors won't 
> bother to de-lame it."  Which makes sense, given HTTP isn't really 
> designed to be used for stateful applications anyway. :-)

I would use it. I'm just arguing it's not "perfectly good", like you 
said in your first post.

Post a reply to this message

Nicolas Alvarez wrote:
> With cookie-based login, the "something" to expire is the session data 
> stored in the server and identified by the session ID stored in the 
> cookie. Even if the client doesn't expire the cookie, the server 
> wouldn't accept the session ID anymore once the session expires.

Exactly. Hence, there's no real need for the cookie to do anything in 
order to "log out" or "expire the session" of the user, am I right? If 
the user comes back to a deep page with a valid login, bounce them to 
the top-level page that says "Your session has expired, please start over."

Then there's sites like (say) Facebook, where you're contractually 
obligated to have only one login, so having a "logout" button makes no 
sense to start with. :-)

> I would use it. I'm just arguing it's not "perfectly good", like you 
> said in your first post.

That's fair enough, yes. In part because the browsers don't support it. 
It's perfectly good for the process of logging someone in. What's not 
perfectly good is lame browser support. :-)

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."

Post a reply to this message

Darren New wrote:
> Then there's sites like (say) Facebook, where you're contractually 
> obligated to have only one login, so having a "logout" button makes no 
> sense to start with. :-)

What about multiple persons using the same computer?

-- 
...Ben Chambers
www.pacificwebguy.com

Post a reply to this message

Chambers wrote:
> Darren New wrote:
>> Then there's sites like (say) Facebook, where you're contractually 
>> obligated to have only one login, so having a "logout" button makes no 
>> sense to start with. :-)
> 
> What about multiple persons using the same computer?

Then you should be closing the browser and logging into the other 
person's account, yes? :-)

(Yeah, OK, this has gotten a bit silly even for me. It's just a pet 
peeve of mine that people use HTTP for all kinds of wrong stuff where 
they'd be far, far better off with an actual statefull 
connection-oriented protocol without quite so much hackery in it. The 
fact that I'm now expected to do all the hackery myself is rather what 
ticks me off, methinks.)

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."

Post a reply to this message

"Warp" <war### [at] tagpovrayorg> wrote in message
news:47f6c63b@news.povray.org...
>
>   I said in my original post "travelling at almost c towards us".
> Pretty hard to notice.
>

Depends how close to c, and how long it's been travelling towards us. Long
enough and the red-shifted light and gravitational lensing (maybe) might
show its presence

Post a reply to this message

And lo on Thu, 03 Apr 2008 14:37:41 +0100, Gail Shaw sa dot com>  

<"<initialsurname"@sentech> did spake, saying:

>
> "Phil Cook" <phi### [at] nospamrocainfreeservecouk> wrote in message
> news:op.t8083otuc3xi7v@news.povray.org...
>
>> So let me get this straight *Mr* Wagner, who studied physics, and Mr
>> Sancho, an author, are attempting to get an injunction in Hawaii  

>> against a
>> European Science Group, of which they United States is not a part, fr
om
>> operating in Switzerland because they've failed to carry out an
>> environmental impact statement as required under a Act that doesn't  

>> apply to them.

> For some extra fun, find the New Scientist article that reports on thi
s.  

> The
> article's sane, the comments get progressively more ridiculous.

Perusing it now; heh.

> Why do these people seem to think they know more about subatomic physi
cs
> than the professional scientists do?

Because for some reason 'people' are being taught that their unqualifed 
 

reasoning is equal to that of qualified reasoning; that their opinion  

matters on every subject regardless of their knowledge (or lack thereof)
  

of it.

> Oh wait, I forgot. Science = Evil. Geeks are losers. Geniuses are al
ways
> trying to take over or destroy the world. Right. Now I got it.

Hell yeah, I'm betting all the negative comments are from Jocks (not you
  

Stephen) who used to shut up Geeks in their lockers and are now petrifie
d  

that they're going to be zapped with Ray-Guns.

> Down with Progress! Back to the Stone Age!

Oh I don't know have you conducted a full H&S assessment on the results 
of  

banging two stones together? It could create a spark that sets the entir
e  

atmosphere aflame; think we'd better return to the Mud Age instead.

-- 

Phil Cook

--
I once tried to be apathetic, but I just couldn't be bothered
http://flipc.blogspot.com

Post a reply to this message

Gail Shaw wrote:
> "Warp" <war### [at] tagpovrayorg> wrote in message
> news:47f6c63b@news.povray.org...
>>   I said in my original post "travelling at almost c towards us".
>> Pretty hard to notice.
>>
> Depends how close to c, and how long it's been travelling towards us. Long
> enough and the red-shifted light and gravitational lensing (maybe) might
> show its presence

And if it were stellar-massed it'd move stars close to its trajectory, 
whose light would reach us slightly beforehand. Although there's not a 
lot we could do about it in either case...

Post a reply to this message

Nicolas Alvarez wrote:

>> Agreed. If it's very small we probably wouldn't even notice.
> 
> If it's big, you think we would notice either? :)

Indeed :)

Post a reply to this message

"Phil Cook" <phi### [at] nospamrocainfreeservecouk> wrote:
> And lo on Thu, 03 Apr 2008 14:37:41 +0100, Gail Shaw sa dot com>
>
> >
> > Oh wait, I forgot. Science = Evil. Geeks are losers. Geniuses are al
> ways
> > trying to take over or destroy the world. Right. Now I got it.
>
> Hell yeah, I'm betting all the negative comments are from Jocks (not you
>
>
> Stephen) who used to shut up Geeks in their lockers and are now petrifie
> d
>
> that they're going to be zapped with Ray-Guns.
>

Say that to my face this Saturday, if you dare :)

Stephen

Post a reply to this message

> Nicolas Alvarez wrote:
>> In fact, isn't it totally retarded that it requires cookies in the 
>> first place?
> 
> No. What's totally retarded is building statefull apps on top of HTTP. 
> Right up there with custom login forms when HTTP has a perfectly good 
> login mechanism.

Ugh. Trying to figure out how to make a Java web app with HTTP 
authentication. Looks like even if it uses HTTP auth, it *still* wants 
to stick a session ID on you (cookie or URL rewriting).

Post a reply to this message