Clever, and I for one had not thought of it...
... but assuming you are doing URI parsing, (which can be problematic
on apache 1.x because of the multiviews problem) why would absolute
addresses be a problem if you just need the OCCASIONAL absolute
address? Just throw something in the URI that shows it is an absolute
link, look for it when the parse the URI, - if it there, construct the
"real address" from your path... For that link alone, you could throw
the session id on the end..... So only absolute links would be "long"
eg, you normally do: (/foo/session) ./virtual/directory/path/
instead do
/foo/ABSOLUTE/my/virtual/URI/path/sessionid/
(or /foo/ABSOLUTE/my/virtual/URI/path/?sessionid=xxxxx)
which tells your app to load data for
/foo/my/virtual/URI/path/
and grabs the sessionid.
Or have I misunderstood something? (It is so long since I have made a
non-URI parsing site, I have forgotten the basics...)
alternatively, couldn't you handle the session yourself and store the
phone id (assuming it sends one) in a database, then assign the link a
trivially short session id (3 digits hex) and check each "click"
against the database to stop session hijacking... Would only work for
phones that send their id though.
Nick
On Feb 2, 2005, at 12:42 PM, Curt Sampson wrote:
> However, it does kill your ability to do absolute URL addressing:
>
> top level foo from anywhere
>
> which is mildly annoying.
>
> Any thoughts on these methods or other ones?
Received on Wed Feb 2 07:11:54 2005