[Zope] why two session identifiers?

Dieter Maurer dieter@handshake.de
Tue, 6 Aug 2002 19:56:59 +0200


Chris McDonough writes:
 > ...
 > However, a browser id can last for almost as long as you want.  For
 > example, if you use cookies, you could have the sessioning machinery
 > cookie timeout set to 2038 or something, and assuming the user never
 > clears his cookies, and uses the same machine until 2038, he will
 > always have the same browser id.
Small note: when I get a cookie with such a lifespan and I do not really
trust the site, then it will be the last cookie that I get from this site.

Thus, use lifespans for cookies your users can understand...


Dieter