The thing about this whole privacy argument that I don't understand is that
when you store the session id in the URL or in POST arguments, you can do
just as much user tracking as you can with a cookie. At least with a cookie
as user can turn it off if they don't want to be tracked (some application
functionality may not be available to them).
On my web site (www.tias.com) we uses cookies throughout the site. If you
turn them off, the shopping carts (and some other applications) stop
working. The static pages continue to work. I've been asked by some people
to making shopping carts work without cookie, but it seems to be that if a
user doesn't want their session tracked, then I should honor their request,
rather than find a way to track their session against their wishes.
At 11:31 AM 2/24/00 -0500, James Treworgy wrote:
>This is a good point. Although with a reasonable session timeout this
>probably wouldn't happen, but still a problem.
>
>You could also track IP addresses in your session login (which I do anyway
>to keep tabs on whether there is any pattern of abuse of the login IDs -
>this is a subscription service) and require that a session be connected
>from the same IP as it started. I'm not sure how this would work for
>services like AOL or big proxies.. is it possible that your IP change over
>the course of a given connection? That is I imagine there could be some
>type of proxy architechture that distributes load among more than one
>proxy server so even single user in a short time frame could have more
>than one IP. Possible?
>
>It doesn't make bookmarking impossible, though, if your login mechanism is
>well designed. The way I have set it up, the login is integrated into
>every page as a function. Once you log in you end up back on the same
>page. So if you hit the bookmarked page, it would simply make you log in
>again (as it should) and then you'd be where you should be.
>
>Jamie
>
>At 11:05 AM 2/24/00 -0500, Mark D Wolinski wrote:
>>Also, what happens if someone wants to share a page they're looking at with
>>a friend. To pass that URL to the friend, it includes the session ID, so
>>suddenly the friend has everything in a shopping cart the friend already put
>
>
>--
>---------------------------------------------------------------------
>Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
>posting. To request this thread, e-mail mysql-thread28878@stripped
>
>To unsubscribe, send a message to:
> <mysql-unsubscribe-mwexler=tias.com@stripped>
