8 Years
Discussion Span
Last Post by diafol

Let's say that state information means information that can be changed to represent something. It could be the fact that you are authorized to view a certain web page, or it could be the fact that your user name is XYZ... or it could be the fact that you are at step #3 of a 5-step process in some menu system. Placing this info in a web address is often undesirable since a web browser can be used to go to any web address at any time. If the state is determined by the web address then clients can easily get into the wrong state or undesired states. Imagine if a certain web address had state info in it that said you're authorized to view your personal bank statement and it shows your banking info... then that web address is simply guessed by a random person and they now have access to your bank account.

It's tempting to put state info in web addresses but usually it's a bad idea.


This is why we use sessions and cookies.
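The contrast described in the post above, as an added example that is not part of the original thread: one handler takes identity and authorization from the web address, the other ignores the address and looks the state up on the server under a random session id carried in a cookie. The URL, the function names and the account data are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: account names and statements are made up.
STATEMENTS = {"alice": "alice: balance 1,200", "bob": "bob: balance 87"}
SESSIONS = {}  # server-side store: opaque session id -> state


def statement_from_url(url):
    """Weak design: the address itself says who you are and that you may look."""
    q = parse_qs(urlsplit(url).query)
    if q.get("authorized") == ["1"]:
        return STATEMENTS.get(q.get("user", [""])[0])
    return None


def log_in(user):
    """Called after credentials were checked; returns the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)  # unguessable, carries no meaning itself
    SESSIONS[sid] = {"user": user, "step": 1}  # the state lives on the server
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
    return cookie["sid"].OutputString()


def statement_from_session(url, cookie_header):
    """Session design: URL parameters are ignored; state is looked up server-side."""
    cookie = SimpleCookie(cookie_header)
    sid = cookie["sid"].value if "sid" in cookie else ""
    state = SESSIONS.get(sid)
    return STATEMENTS.get(state["user"]) if state else None
```

With the second handler, editing `user=` or `authorized=` in the address changes nothing, because the server decides what to show from its own session record.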
