[ic] Losing session cookie after login

Jamie Neil jamie at versado.net
Mon Aug 4 12:14:06 EDT 2003


Quoting Jonathan Clark:
> > My etc/profile.login file has the following:
> >
> >         [set mv_no_count][/set]
> >         [set mv_no_session_id][/set]
> >
> > which I assume is what is clearing the cookie.
>
> This is not clearing the cookie, but it is altering the session - telling
> Interchange to include a page counter and session id (not to not
> include)..

Sorry - my mistake :$

I assumed that the introduction of the session id in the string was an
indication that the cookie was not being used any more. Now I've actually
checked the session id I can see it is the same as the stored cookie.

>
> > Is it necessary to do this
> > when a user logs in? If it is, what I don't understand is why a
> new cookie
> > is not issued to replace the old one.
>
> You are not seeing a new cookie because the old one is still being used!
>
> I guess this is being done to try and ensure that the session is
> not dropped
> and pages are not cached along the way.

Would this is for security reasons or something else?

Jamie



More information about the interchange-users mailing list