Method
|
Pros
|
Cons
|
Put transaction identifier
in a custom URL |
Simple, short, works with
all browsers |
Value shown to user, which
can be a problem with, for example, passwords. |
Put transaction identifier
in a hidden field in a form |
Simple, works with all browsers |
Server needs to remember
status of each user |
Put all session knowledge
in hidden or public fields in a form |
Simple, works with all browsers |
Can slow down interaction
of much information need to be stored. |
Put transaction identifier
in a magic cookie |
Simple, short |
Some users do not like or
disable magic cookies. Server needs to remember status of each user. |
Use persistent connection
facility of HTTP/1.1 |
|
New facility in HTTP/1.1,
not very well tried. Server may have short timeouts. |
Log the IP address of the
client in the server |
For a user who always uses
the same client, server can remember information for a long time. |
Insecure, more than one
user might access from the same IP address. Server needs to remember status of each
user. |