I was just thinking about the URLs of my current web project. The user can access various resources, such as images, using the website. The URLs look like this: http://localhost:2143/p/AyuducjPnfnjZGfnNdpAIumehLiWaYQKbZLMeACUqgsYJfsqarTnDMRbwkIxWuDd
Now I really need high performance, and one way could be to lower the extra round trip to the authentication database and simply rely on a URL that should be undeniable.
Google does this with Picasa Web Albums, you can make an album private or unregistered. This provides the album, but not the photo itself. Take this photo of Skagen (Denmark): http://lh4.ggpht.com/_Um1gIFfF614/TQpVMvN3hPI/AAAAAAAANRs/GY5DxrDPHUE/s800/IMG_4074.JPG, this is actually in a private album, but you can all see it.
So what do you think of this? Is a character length of 64 characters "safe"? Are there other approaches?
Suppose I decide to do authentication for each resource request. Users are logged onto somedomain.com, where they access, let's say, photo albums. Cookies are deleted to support their authentication.
Actual photos are now served through some form of CDN or storage service at a completely different URL.
How would you support authentication in multiple domains? Say the contents of two albums can be delivered from different servers.
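One approach to the cross-domain case raised above, as an added example that is not part of the original post: the site that checks the login cookie issues a short-lived HMAC-signed URL, and the file server on the other domain verifies it without a cookie or a database round trip. The key, the `e` and `s` query parameters and the `cdn.example` host are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption): shared by the site that issues links and
# every server that serves files. Use a long random secret in practice.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _signature(path, expires, key):
    # Bind the signature to both the resource path and its expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(base, path, ttl, key=SHARED_KEY, now=None):
    """Issued by the authenticating site after its own cookie check."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"e": expires, "s": _signature(path, expires, key)})
    return f"{base}{path}?{query}"


def verify_url(url, key=SHARED_KEY, now=None):
    """Run by the file server: needs only the shared key and a clock."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["e"][0])
        supplied = params["s"][0]
    except (KeyError, IndexError, ValueError):
        return False  # missing or malformed parameters
    if (time.time() if now is None else now) > expires:
        return False  # link has expired
    expected = _signature(parts.path, expires, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    link = sign_url("http://cdn.example", "/p/album1/photo.jpg", ttl=300)
    print(link, verify_url(link))
```

Unlike a permanent random URL, a leaked link of this kind stops working once its expiry passes, and changing the path invalidates the signature.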