On Mon, Jun 24, 2002 at 02:35:06PM -0700, Ovid wrote: >Niko, > >If you pass the variables to the page, the user can find them, period. If you >control the output >of the other page, you'll need to create some sort of persistence mechanism. >Typically, this is >done by assigning session ids, saving the data to the database using the session id, >passing the >session id to the new page and having the resource that generates the new page >retrieve the >information via the session id. > >The question, though, is *why* you don't want the user to know this data. If this is >truly >important, then you'll go with a scheme similar to what I have mentioned (never >letting the data >leave the server, only a key to the data is sent). If it's really not that >important, hidden HTML >fields can be used.
Actually i wanted to do this because i want to expire the session id, if the user click the link to log off. I do not want the user to know the session id. While in the log off part i do not want to load the cookie which kept the session id but directly send an empty cookie and expired the session id.(because it might be faster ???) From what i know (which is limited :), if we pass the variable in POST method, the user can't find out what we have passed, can they ? but maybe i'm wrong, so i might as well use the slower way. regards, niko -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
