Know Thy Client
It's a little-known fact that even when cookies are disabled, Web browsers quietly send some extra data with each page request. It's not really anything personal (your weight, sexual preference, and political opinions are not divulged), but innocuous stuff chosen to help content providers present their content well. Environment variables store the name of the browser, the Internet address the browser is operating from, the Web address (Uniform Resource Locator, or URL) of whatever page the browser had previously displayed, and a few other things. All CGI and SHTML scripts have access to this information.
If you're straining to think of a legitimate use for session information, imagine you work for a company that provides virus-scanning ...
Get Sams Teach Yourself Ruby in 21 Days now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
