NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Ubaidullah on March 12, 2012, 03:51:21 AM
-
Hi,
Is it possible to pass the Session ID in the url instead of via a cookie ?
Thanks & Regards,
Ubaidullah Nubar.
-
Hello Ubaidullah
Yes it is possible and quite simple. There is a variable which keeps session ID (p_web.SessionID), which You should put to the url.
For example:
www.website.com/login?SessionID=p_web.SessionID
Regards,
Matthew
-
Hi Ubaidullah,
the answer is yes - Matthew is right there. However the slightly longer answer is "you shouldn't need to do this in most cases". There are some security implications with setting a specific SessionId like this, and if you can avoid it, you should.
I'm not sure though if you meant that "cookies will be completely off, and _all_ links must include the session ID in the URL". That's a _lot_ harder to do.
cheers
Bruce
-
Hi Bruce,
The second scenario is what I have here.
I want the session id passed via the url for _all_ links including ajax posts. How can I achieve that?
Thanks & Regards,
Ubaidullah Nubar.
-
the short answer is "you can't".
NetTalk has been designed to pass the session id as a cookie, and while it's probably possible to make it behave like this, it would need a good knowledge of JavaScript, and indeed a modification to most of the shipping JavaScript files.
In the early days of NT4 this option was supported - but was removed for security reasons. parameters in the URL are recorded by proxies, ISP's and so on, and generally left lying around - and that can result in session hijacking in some cases.
So, a nettalk app needs "memory cookies" on, and JavaScript on. Without those two the site isn't gonna work.
cheers
Bruce