Hi folks,

Is there any reason for me to place the session ID within a form, as a hidden form field?


Thank you everyone!! :)

+1  A: 

Hi,

The only reason would be to maintain session state for all users including the ones that have disabled cookies.

Andre Goncalves
+5  A: 

This is a part of one of the possible methods for protecting against cross-site request forgery attacks.

It can be used in the Synchronizer Token Pattern.

It can also be used in the "Double-Submit Cookies" method mentioned at the bottom of the page linked to above.

David Stratton
@David: thank you very much for your awesome reply :)
RadiantHex
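An added example, not part of the answers above: a minimal server-side check of a session-bound hidden form field, the mechanism behind the CSRF defences David Stratton's answer names. It substitutes an HMAC of the session ID for the raw ID so the session ID itself never appears in page markup; the cookie name `session_id`, the field name `csrf_token`, the `/transfer` action and `SERVER_KEY` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from html import escape

# Assumption: a per-application secret held only on the server (constructed here).
SERVER_KEY = secrets.token_bytes(32)


def csrf_token_for(session_id: str) -> str:
    """Derive the hidden-field value from the session ID with HMAC-SHA256."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def render_form(session_id: str) -> str:
    """Emit a form whose hidden field is bound to the caller's session."""
    token = csrf_token_for(session_id)
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input name="amount"><button>Send</button></form>'
    )


def is_request_allowed(cookies: dict, form: dict) -> bool:
    """Accept a state-changing POST only when the hidden field matches the
    token derived from the session cookie that came with the same request."""
    session_id = cookies.get("session_id")
    submitted = form.get("csrf_token")
    if not session_id or not submitted:
        # A forged cross-site POST carries the cookie but not the field.
        return False
    expected = csrf_token_for(session_id)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    sid = "constructed-session-id-123"  # constructed sample value
    good = {"csrf_token": csrf_token_for(sid), "amount": "10"}
    forged = {"amount": "10"}  # cross-site form cannot read the token
    print(is_request_allowed({"session_id": sid}, good))
    print(is_request_allowed({"session_id": sid}, forged))
```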
A: 

This strikes me as a very stupid question - why would you put anything in a form - because you have a reason for doing so.

If you mean why has somebody else put it in their form... well, they probably had reasons too. Don't you think you should ask them rather than us?

C.

symcbean
@symcbean: well, a widely used practice probably has a widely shared purpose. That is why I asked, and I got some really good replies. Btw, I doubt contacting a company's customer service would be much help. :)
RadiantHex