On Thu, Feb 24, 2000 at 03:45:43PM -0500, James Treworgy wrote:
> >site. That will always work.
>
> Unless they back up to the home page, which isn't unheard of. I suppose you
> could reload the first page they hit using a meta tag after creating the
> session or something but that doesn't work on all browsers either. On my
> site it's a likely scenario - it's a subscription based service, and most
> links from the home page make you log in. So if you click a link, log in,
> read the page, and back up, you're no longer logged in without cookies.
No, that is not the case.
_before_ you generete the index you create a session. Sure, you have to
generate all pages with links dynamicly, but in these days with perl,php,
asp, mason etc, this should not be such a big problem. You could
use some url rewrite sheme like http://my.site/do.this.html/<sessionid>
just as easy, couldn`t you?
> > > Basically, you are talking about designing a site with less functionality
> > > than cookies, but this benefits (probably) less than 5% of the people out
> > > there. So 95% of your users are going to potentially lose their shopping
>
> >There isn`t less functionality. The only thing you lose is your
> >automatically-filled-in-creditcard number. Big loss.
>
> I'm talking about potential session loss as for reduced functionality.
which won`t happen, if you do it carefully.
> > > kart contents, and the other 5% might be pissed of when they see that
> > code
> > > up there and realize they are being tracked.
> >
> >... but when he comes back he has a different one. How nice!
>
> I don't think this matters, as I said you can still link sessions using
> other info, and the fact is you are following their pattern within a
> session and could use that info within a single session to display certain
> adz or whatever.
Sure, but the big picture is gone. And sessiontracking between diffrent
sites gets al lot trickier.
> In actuality, my web site uses both versions. I originally developed it
> NOT using cookies and found that the session loss when a user backs up to
> the home page was an egregious problem for many users. So I added a simple
> cookie that stores the same code on their machine. So the page
> authentication first checks for a cookie. If no cookie is found, it checks
> for the session query variable. So perhaps this is the best of all
> worlds... for most people, they get a cookie and it just works. For any
> non cookiers it will still work unless they back up to the home page after
> logging in. But if I did it again I doubt I would go through the trouble
> of tracking sessions on each link.
Which was just what I was going to propose and how I solved it. :-)
Only I have the cookies off as default. You have to check a selectbox
somewhere and then you get a cookie with a sessionid.
So I still think you best build a shoppingkart or something _without_
cookie support in mind. Add the cookies as a extra for the people willing
to sacrifice their privacy for a little convenience. This way it is
possible to let those who wish to remain anonymous use your site, and as a
bonus you lose these 'How to enable cookies'-pages ;-)
Harm
--
Today is Setting Orange, the 55th of Chaos, 3166.
The Moon is Waning Gibbous (72% of Full)
nieuw.nl - 2dehands.nl
