Hi folks,
is there any reason for me to place the session ID within a form, as a hidden form field?
Thank you everyone!! :)
+1
A:
Hi,
The only reason would be to maintain session state for all users including the ones that have disabled cookies.
Andre Goncalves
2010-04-02 14:27:14
+5
A:
This is a part of one of the possible methods for preventing against cross-site request forgery attacks.
It can be used in the Synchronizer Token Pattern.
It can also be used in the "Double-Submit Cookies" method mentioned at the bottom of the page linked to above.
David Stratton
2010-04-02 14:27:41
@David: thank you very much for your awesome reply :)
RadiantHex
2010-04-03 03:34:16
A:
This strikes me as a very stupid question - why would you put anything in a form - because you have reason for doing so.
If you mean why has somebody else put it in their form....well they probably had reasons too. Don't you think you should ask them rather than us.
C.
symcbean
2010-04-02 22:35:29
@symcbean: well a widely used practice probably has a widely shared purpose. That is why I asked, and I got some really good replies. Btw I doubt contacting a company's customer service would do much help. :)
RadiantHex
2010-04-03 00:27:54