Passing SessionID in the URL

[Ubaidullah]

Hi,

Is it possible to pass the Session ID in the url instead of via a cookie ?

Thanks & Regards,
Ubaidullah Nubar.

[Matthew]

Hello Ubaidullah

Yes it is possible and quite simple. There is a variable which keeps session ID (p_web.SessionID), which You should put to the url.

For example:
www.website.com/login?SessionID=p_web.SessionID

Regards,
Matthew

[Bruce]

Hi Ubaidullah,

the answer is yes - Matthew is right there. However the slightly longer answer is "you shouldn't need to do this in most cases". There are some security implications with setting a specific SessionId like this, and if you can avoid it, you should.

I'm not sure though if you meant that "cookies will be completely off, and _all_ links must include the session ID in the URL". That's a _lot_ harder to do.

cheers
Bruce

[Ubaidullah]

Hi Bruce,

The second scenario is what I have here.

I want the session id passed via the url for _all_ links including ajax posts. How can I achieve that?

Thanks & Regards,
Ubaidullah Nubar.

[Bruce]

the short answer is "you can't".

NetTalk has been designed to pass the session id as a cookie, and while it's probably possible to make it behave like this, it would need a good knowledge of JavaScript, and indeed a modification to most of the shipping JavaScript files.

In the early days of NT4 this option was supported - but was removed for security reasons. parameters in the URL are recorded by proxies, ISP's and so on, and generally left lying around - and that can result in session hijacking in some cases.

So, a nettalk app needs "memory cookies" on, and JavaScript on. Without those two the site isn't gonna work.

cheers
Bruce