
> You won't be able to distinguish device sessions from one another reliably either. Think of "log out all other devices".

You could, I think. Passing the session ID in the URL is the same as storing it as a cookie. You can invalidate both in the server.

Link sharing is an issue, for sure. You could tie the session ID to the IP, but that doesn't work when people share their IP, which is more and more common every day. IP-tied sessions would work better with IPv6, though.
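The approach discussed in the comment above, as an added example that is not part of the original post: a server-side session table where invalidation ("log out all other devices") works the same whether the ID arrived in a cookie or a URL, plus an IP binding check. The class and function names are hypothetical, and binding IPv6 clients to their /64 prefix rather than the full address is an assumption of this sketch.

```python
import ipaddress
import secrets


def ip_bucket(ip: str) -> str:
    """Network key a session is bound to (assumption: exact IPv4, /64 for IPv6)."""
    prefix = 32 if ipaddress.ip_address(ip).version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class SessionStore:
    """Server-side session table; the ID can travel in a cookie or a URL."""

    def __init__(self):
        self._sessions = {}  # sid -> (user, ip bucket)

    def create(self, user: str, ip: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, ip_bucket(ip))
        return sid

    def validate(self, sid: str, ip: str):
        """Return the user if the session is live and the IP matches, else None."""
        entry = self._sessions.get(sid)
        if entry is None or entry[1] != ip_bucket(ip):
            return None
        return entry[0]

    def logout_others(self, current_sid: str) -> int:
        """'Log out all other devices': drop every other session of this user."""
        user = self._sessions[current_sid][0]
        stale = [s for s, (u, _) in self._sessions.items()
                 if u == user and s != current_sid]
        for s in stale:
            del self._sessions[s]
        return len(stale)


def demo():
    store = SessionStore()
    laptop = store.create("alice", "203.0.113.7")  # constructed doc-range IPs
    phone = store.create("alice", "2001:db8:1:2::10")
    return {
        "same_ip": store.validate(laptop, "203.0.113.7"),
        "other_ip": store.validate(laptop, "198.51.100.9"),
        "v6_same_64": store.validate(phone, "2001:db8:1:2:aaaa::1"),
        "removed": store.logout_others(laptop),
        "phone_after": store.validate(phone, "2001:db8:1:2::10"),
    }
```

The `same_ip` case is also what a second person behind the same shared address would see when opening a shared link, which is the limitation the comment points out.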


