Agreed ... I have to say that I have seen MANY cases where people
think that sessions should be used instead of cookies ... only reason
being that they can turn cookies off...
How many of these users that are turning there cookies off are going
to click that little box to allow something called "Session Cookies"
to stay on ... they don't know what those are ... so if it isn't a
security issue, go a step further and use cookies instead of sessions.
Mostly on topic ... just a gripe. I have cleaned up projects that have
used sessions with shopping carts and destroyed their performance ...
anyway ... done with my rant.
Forms can be hard to use ... they assume, a little too much, that the
user is going to browse forward through the website ... I have used
this technique, but not for long trips ... especially not site long
trips.
Brynn
www.coolpier.com
There is also always using an encrypted querystring ... but I would
still rather have my screen popup that says "Error: Cookies must be on
for this feature to work."
On Tue, 13 Jan 2004 12:25:11 -0500, Tim Slattery <Sl********@bls.gov>
wrote:
"Mark" <ma**@extensible.com> wrote:
i think, form posting is an awkward approach, if you don't have cookies
sessions won't work, querystring reveals everything about your application
and it seems also awkward and amateurish to me that users may trick the
application by manipulating the querystring, and database approach is the
arduous way for me because i just want to pass state from page to page thus
it will be cumbersome and unneccessary to maintain a database just for this
purpose. i am wondering if its possible by using http headers?
How do you think cookies are implemented? The web server and client
use a special header to pass the cookie values back and forth. So
looking for some other header solution isn't buying you anything at
all.
--
Tim Slattery
MS MVP(DTS)
Sl********@bls.gov
I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!
Brynn
www.coolpier.com