By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,496 Members | 1,266 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,496 IT Pros & Developers. It's quick & easy.

Cookies - Is this possible?

P: n/a
Is it possible for a user to enable permanent cookies but disable session
cookies.....this seems like a contradition yet this is what I appear to be
reading in online articles?
Jul 19 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a
I must be stupid, but I am picking up contradictions on how cookies are used
in sites. This dude says of Amazon:

Statement: "Amazon.com passes this test when it comes to the site being 100%
usable if one were to manually disable and delete cookies"
http://www.stickyminds.com/sitewide....ObjectType=ART
He then says: . I was able to use all major aspects of the site-searching,
shopping cart, checkout functions-even though cookies were completely
disabled.

His conclusion:

It appears that state maintenance was being taken care of server-side, based
on the session ID at the end of the home page URL. For example, I chose the
Yamaha CD-ROM kit on the amazon home page and added it to my shopping cart.
The shopping cart page URL was
http://www.amazon.com/./one-click-th...357560-1728507. Changing
the rightmost digit from 7 to 8, and posting this edited URL, lost my
shopping cart and brought up the following error page, lending further
support to the probability of server-side state maintenance with a session
ID in the URL.

My Question:

How can 'state' be preserved on the server via a session ID if COOKIES ARE
DISABLED and DELETEd....

I thought if the user disabled cookies that blew if for Session Variables...

Could someone please tell me what I am missing here?

Thanks

Jason

<ja***@catamaranco.com> wrote in message
news:Ob*************@TK2MSFTNGP11.phx.gbl...
Is it possible for a user to enable permanent cookies but disable session
cookies.....this seems like a contradition yet this is what I appear to be
reading in online articles?

Jul 19 '05 #2

P: n/a
The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
I must be stupid, but I am picking up contradictions on how cookies are used in sites. This dude says of Amazon:

Statement: "Amazon.com passes this test when it comes to the site being 100% usable if one were to manually disable and delete cookies"
http://www.stickyminds.com/sitewide....ObjectType=ART He then says: . I was able to use all major aspects of the site-searching,
shopping cart, checkout functions-even though cookies were completely
disabled.

His conclusion:

It appears that state maintenance was being taken care of server-side, based on the session ID at the end of the home page URL. For example, I chose the Yamaha CD-ROM kit on the amazon home page and added it to my shopping cart. The shopping cart page URL was
http://www.amazon.com/./one-click-th...357560-1728507. Changing
the rightmost digit from 7 to 8, and posting this edited URL, lost my
shopping cart and brought up the following error page, lending further
support to the probability of server-side state maintenance with a session
ID in the URL.

My Question:

How can 'state' be preserved on the server via a session ID if COOKIES ARE
DISABLED and DELETEd....

I thought if the user disabled cookies that blew if for Session Variables...
Could someone please tell me what I am missing here?

Thanks

Jason

<ja***@catamaranco.com> wrote in message
news:Ob*************@TK2MSFTNGP11.phx.gbl...
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be reading in online articles?


Jul 19 '05 #3

P: n/a
But is that ID not dependent on being retrieved iniitally from the user
machines cookie?

If cookies are disabled this ID would not be retrievable for later use on
the server?

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
I must be stupid, but I am picking up contradictions on how cookies are used
in sites. This dude says of Amazon:

Statement: "Amazon.com passes this test when it comes to the site being

100%
usable if one were to manually disable and delete cookies"

http://www.stickyminds.com/sitewide....ObjectType=ART
He then says: . I was able to use all major aspects of the site-searching,
shopping cart, checkout functions-even though cookies were completely
disabled.

His conclusion:

It appears that state maintenance was being taken care of server-side,

based
on the session ID at the end of the home page URL. For example, I chose

the
Yamaha CD-ROM kit on the amazon home page and added it to my shopping

cart.
The shopping cart page URL was
http://www.amazon.com/./one-click-th...357560-1728507. Changing the rightmost digit from 7 to 8, and posting this edited URL, lost my
shopping cart and brought up the following error page, lending further
support to the probability of server-side state maintenance with a session ID in the URL.

My Question:

How can 'state' be preserved on the server via a session ID if COOKIES ARE DISABLED and DELETEd....

I thought if the user disabled cookies that blew if for Session

Variables...

Could someone please tell me what I am missing here?

Thanks

Jason

<ja***@catamaranco.com> wrote in message
news:Ob*************@TK2MSFTNGP11.phx.gbl...
Is it possible for a user to enable permanent cookies but disable

session cookies.....this seems like a contradition yet this is what I appear
to be reading in online articles?



Jul 19 '05 #4

P: n/a
I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:Ou**************@TK2MSFTNGP10.phx.gbl...
But is that ID not dependent on being retrieved iniitally from the user
machines cookie?

If cookies are disabled this ID would not be retrievable for later use on
the server?

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
I must be stupid, but I am picking up contradictions on how cookies are
used
in sites. This dude says of Amazon:

Statement: "Amazon.com passes this test when it comes to the site
being
100%
usable if one were to manually disable and delete cookies"

http://www.stickyminds.com/sitewide....ObjectType=ART He then says: . I was able to use all major aspects of the site-searching, shopping cart, checkout functions-even though cookies were completely
disabled.

His conclusion:

It appears that state maintenance was being taken care of server-side,

based
on the session ID at the end of the home page URL. For example, I
chose the
Yamaha CD-ROM kit on the amazon home page and added it to my shopping

cart.
The shopping cart page URL was
http://www.amazon.com/./one-click-th...357560-1728507.

Changing the rightmost digit from 7 to 8, and posting this edited URL, lost my
shopping cart and brought up the following error page, lending further
support to the probability of server-side state maintenance with a session ID in the URL.

My Question:

How can 'state' be preserved on the server via a session ID if COOKIES ARE DISABLED and DELETEd....

I thought if the user disabled cookies that blew if for Session

Variables...

Could someone please tell me what I am missing here?

Thanks

Jason

<ja***@catamaranco.com> wrote in message
news:Ob*************@TK2MSFTNGP11.phx.gbl...
> Is it possible for a user to enable permanent cookies but disable

session
> cookies.....this seems like a contradition yet this is what I appear

to
be
> reading in online articles?
>
>



Jul 19 '05 #5

P: n/a
You see, this cannot be possible, as his example is based on returning to
the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol user
implications of same ip)

Thus, something is screwed up with his explanation.

- Jason
"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:Ou**************@TK2MSFTNGP10.phx.gbl...
But is that ID not dependent on being retrieved iniitally from the user
machines cookie?

If cookies are disabled this ID would not be retrievable for later use on
the server?

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
> I must be stupid, but I am picking up contradictions on how cookies are used
> in sites. This dude says of Amazon:
>
> Statement: "Amazon.com passes this test when it comes to the site being 100%
> usable if one were to manually disable and delete cookies"
>

http://www.stickyminds.com/sitewide....ObjectType=ART
> He then says: . I was able to use all major aspects of the

site-searching,
> shopping cart, checkout functions-even though cookies were completely > disabled.
>
> His conclusion:
>
> It appears that state maintenance was being taken care of server-side, based
> on the session ID at the end of the home page URL. For example, I chose the
> Yamaha CD-ROM kit on the amazon home page and added it to my shopping cart.
> The shopping cart page URL was
> http://www.amazon.com/./one-click-th...357560-1728507.

Changing
> the rightmost digit from 7 to 8, and posting this edited URL, lost my > shopping cart and brought up the following error page, lending further > support to the probability of server-side state maintenance with a

session
> ID in the URL.
>
> My Question:
>
> How can 'state' be preserved on the server via a session ID if

COOKIES ARE
> DISABLED and DELETEd....
>
> I thought if the user disabled cookies that blew if for Session
Variables...
>
> Could someone please tell me what I am missing here?
>
> Thanks
>
> Jason
>
> <ja***@catamaranco.com> wrote in message
> news:Ob*************@TK2MSFTNGP11.phx.gbl...
> > Is it possible for a user to enable permanent cookies but disable
session
> > cookies.....this seems like a contradition yet this is what I
appear to
be
> > reading in online articles?
> >
> >
>
>



Jul 19 '05 #6

P: n/a
It's not impossible. And, I don't think you understand what is going on
there.

This is what happens when a site chooses not to rely on cookies or sessions
for tracking users....

1. User enters site
2. A unique ID is assigned to the user, usually from a DB generated unique
ID
3. The unique id is stored in a DB
4. The unique ID is appended to *all* URLs to track the user, and passed
from page to page in the URL
5. If the unique ID is needed on a page, it is looked up in the DB and used
as a key in the DB for whatever transaction took place

You are making this cookies / no cookies problem way more difficult than it
needs to be.

You need to come up with some Use / Business Cases to determine if the no
cookie problem is really a problem to begin with. If no cookies will
severely impact your application, then code a solution that doesn't rely on
cookies. Don't add complexity developing 2 solutions to the problem

If there is bearable risk in not supporting the no-cookie folks, then direct
them to page that informs that accepting cookies are required, and let them
decide.

I'm not trying to be critical - You are obviously working very hard to do
whatever it is you are doing. But, you are lacking some fundamentals that
are causing you to go down paths trying to finding solutions to problems
that don't exist.

I suggest reading some basic literature on server-side programming and ASP.

Also, read this...
http://www.aspfaq.com/show.asp?id=2054

Bob Lehmann
<ja***@catamaranco.com> wrote in message
news:uu****************@TK2MSFTNGP11.phx.gbl...
You see, this cannot be possible, as his example is based on returning to
the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol user implications of same ip)

Thus, something is screwed up with his explanation.

- Jason
"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:Ou**************@TK2MSFTNGP10.phx.gbl...
But is that ID not dependent on being retrieved iniitally from the user machines cookie?

If cookies are disabled this ID would not be retrievable for later use on the server?

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> The id (107-0357560-1728507) is appended to the url, and then checked, > usually, against a value in a DB to keep track of the user.
>
> Bob Lehmann
>
> <ja***@catamaranco.com> wrote in message
> news:%2****************@TK2MSFTNGP11.phx.gbl...
> > I must be stupid, but I am picking up contradictions on how cookies
are
> used
> > in sites. This dude says of Amazon:
> >
> > Statement: "Amazon.com passes this test when it comes to the site

being
> 100%
> > usable if one were to manually disable and delete cookies"
> >
>

http://www.stickyminds.com/sitewide....ObjectType=ART > > He then says: . I was able to use all major aspects of the
site-searching,
> > shopping cart, checkout functions-even though cookies were completely > > disabled.
> >
> > His conclusion:
> >
> > It appears that state maintenance was being taken care of server-side, > based
> > on the session ID at the end of the home page URL. For example, I

chose
> the
> > Yamaha CD-ROM kit on the amazon home page and added it to my shopping > cart.
> > The shopping cart page URL was
> > http://www.amazon.com/./one-click-th...357560-1728507.
Changing
> > the rightmost digit from 7 to 8, and posting this edited URL, lost my > > shopping cart and brought up the following error page, lending further > > support to the probability of server-side state maintenance with a
session
> > ID in the URL.
> >
> > My Question:
> >
> > How can 'state' be preserved on the server via a session ID if COOKIES ARE
> > DISABLED and DELETEd....
> >
> > I thought if the user disabled cookies that blew if for Session
> Variables...
> >
> > Could someone please tell me what I am missing here?
> >
> > Thanks
> >
> > Jason
> >
> > <ja***@catamaranco.com> wrote in message
> > news:Ob*************@TK2MSFTNGP11.phx.gbl...
> > > Is it possible for a user to enable permanent cookies but disable > session
> > > cookies.....this seems like a contradition yet this is what I appear to
> be
> > > reading in online articles?
> > >
> > >
> >
> >
>
>



Jul 19 '05 #7

P: n/a
Also don't forget about us router users who share one IP address. We
may have 2+ people browsing the same site at the same time.

ja***@catamaranco.com wrote:
You see, this cannot be possible, as his example is based on returning to
the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol user
implications of same ip)

Thus, something is screwed up with his explanation.

- Jason
"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:Ou**************@TK2MSFTNGP10.phx.gbl...
But is that ID not dependent on being retrieved iniitally from the user
machines cookie?

If cookies are disabled this ID would not be retrievable for later use
on
the server?

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl. ..

The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl.. .

>I must be stupid, but I am picking up contradictions on how cookies


are
used

>in sites. This dude says of Amazon:
>
>Statement: "Amazon.com passes this test when it comes to the site


being
100%

>usable if one were to manually disable and delete cookies"
>
http://www.stickyminds.com/sitewide....ObjectType=ART
He then says: . I was able to use all major aspects of the

site-searching,

>shopping cart, checkout functions-even though cookies were
completely
disabled.
>
>His conclusion:
>
>It appears that state maintenance was being taken care of
server-side,
based

>on the session ID at the end of the home page URL. For example, I


chose
the

>Yamaha CD-ROM kit on the amazon home page and added it to my
shopping
cart.

>The shopping cart page URL was
>http://www.amazon.com/./one-click-th...357560-1728507.

Changing

>the rightmost digit from 7 to 8, and posting this edited URL, lost
my
shopping cart and brought up the following error page, lending
further
support to the probability of server-side state maintenance with a

session

>ID in the URL.
>
>My Question:
>
>How can 'state' be preserved on the server via a session ID if
COOKIES
ARE

>DISABLED and DELETEd....
>
>I thought if the user disabled cookies that blew if for Session

Variables...

>Could someone please tell me what I am missing here?
>
>Thanks
>
>Jason
>
><ja***@catamaranco.com> wrote in message
>news:Ob*************@TK2MSFTNGP11.phx.gbl.. .
>
>>Is it possible for a user to enable permanent cookies but disable

session

>>cookies.....this seems like a contradition yet this is what I
appear
to

be

>>reading in online articles?
>>
>>
>
>



Jul 19 '05 #8

P: n/a
Thanks for the advice - I appreciate it...

I now see what you were getting at....this is almost like starting a
'transcation' for a user based on db id to follow him around the site if
cookies are not enabled....

Just one question....I know that sql server does have a unique identifier
field...is this what is triggering the number or does the target page
activate an insert and then recall
the number for appendment on the url....

I wish I had seen this idea in my mind...I assumed from what I had read
online that cookies or cookie degradation was the only way...

I had also read Aaron's shopping car solution a while back but I though the
javascript could be an issue etc.....

ps: I find the wrox books okay but they usually have a lot of errors which
can also be a hinderance...

Thanks
Jason


"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:ul**************@TK2MSFTNGP12.phx.gbl...
It's not impossible. And, I don't think you understand what is going on
there.

This is what happens when a site chooses not to rely on cookies or sessions for tracking users....

1. User enters site
2. A unique ID is assigned to the user, usually from a DB generated unique
ID
3. The unique id is stored in a DB
4. The unique ID is appended to *all* URLs to track the user, and passed
from page to page in the URL
5. If the unique ID is needed on a page, it is looked up in the DB and used as a key in the DB for whatever transaction took place

You are making this cookies / no cookies problem way more difficult than it needs to be.

You need to come up with some Use / Business Cases to determine if the no
cookie problem is really a problem to begin with. If no cookies will
severely impact your application, then code a solution that doesn't rely on cookies. Don't add complexity developing 2 solutions to the problem

If there is bearable risk in not supporting the no-cookie folks, then direct them to page that informs that accepting cookies are required, and let them decide.

I'm not trying to be critical - You are obviously working very hard to do
whatever it is you are doing. But, you are lacking some fundamentals that
are causing you to go down paths trying to finding solutions to problems
that don't exist.

I suggest reading some basic literature on server-side programming and ASP.
Also, read this...
Bob Lehmann
<ja***@catamaranco.com> wrote in message
news:uu****************@TK2MSFTNGP11.phx.gbl...
You see, this cannot be possible, as his example is based on returning to
the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol

user
implications of same ip)

Thus, something is screwed up with his explanation.

- Jason
"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.
Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:Ou**************@TK2MSFTNGP10.phx.gbl...
> But is that ID not dependent on being retrieved iniitally from the user > machines cookie?
>
> If cookies are disabled this ID would not be retrievable for later use on
> the server?
>
> "Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
> news:%2****************@TK2MSFTNGP12.phx.gbl...
> > The id (107-0357560-1728507) is appended to the url, and then checked, > > usually, against a value in a DB to keep track of the user.
> >
> > Bob Lehmann
> >
> > <ja***@catamaranco.com> wrote in message
> > news:%2****************@TK2MSFTNGP11.phx.gbl...
> > > I must be stupid, but I am picking up contradictions on how cookies are
> > used
> > > in sites. This dude says of Amazon:
> > >
> > > Statement: "Amazon.com passes this test when it comes to the
site being
> > 100%
> > > usable if one were to manually disable and delete cookies"
> > >
> >
>

http://www.stickyminds.com/sitewide....ObjectType=ART
> > > He then says: . I was able to use all major aspects of the
> site-searching,
> > > shopping cart, checkout functions-even though cookies were

completely
> > > disabled.
> > >
> > > His conclusion:
> > >
> > > It appears that state maintenance was being taken care of

server-side,
> > based
> > > on the session ID at the end of the home page URL. For example, I chose
> > the
> > > Yamaha CD-ROM kit on the amazon home page and added it to my

shopping
> > cart.
> > > The shopping cart page URL was
> > > http://www.amazon.com/./one-click-th...357560-1728507. > Changing
> > > the rightmost digit from 7 to 8, and posting this edited URL, lost
my
> > > shopping cart and brought up the following error page, lending

further
> > > support to the probability of server-side state maintenance with
a > session
> > > ID in the URL.
> > >
> > > My Question:
> > >
> > > How can 'state' be preserved on the server via a session ID if

COOKIES
> ARE
> > > DISABLED and DELETEd....
> > >
> > > I thought if the user disabled cookies that blew if for Session
> > Variables...
> > >
> > > Could someone please tell me what I am missing here?
> > >
> > > Thanks
> > >
> > > Jason
> > >
> > > <ja***@catamaranco.com> wrote in message
> > > news:Ob*************@TK2MSFTNGP11.phx.gbl...
> > > > Is it possible for a user to enable permanent cookies but

disable > > session
> > > > cookies.....this seems like a contradition yet this is what I

appear
> to
> > be
> > > > reading in online articles?
> > > >
> > > >
> > >
> > >
> >
> >
>
>



Jul 19 '05 #9

P: n/a
The scheme will vary on how the number is actually generated. Look in db.asp
from Aaron's cart. It has one way of generating the id.

Bob Lehmann

<ja***@catamaranco.com> wrote in message
news:er*************@TK2MSFTNGP12.phx.gbl...
Thanks for the advice - I appreciate it...

I now see what you were getting at....this is almost like starting a
'transcation' for a user based on db id to follow him around the site if
cookies are not enabled....

Just one question....I know that sql server does have a unique identifier
field...is this what is triggering the number or does the target page
activate an insert and then recall
the number for appendment on the url....

I wish I had seen this idea in my mind...I assumed from what I had read
online that cookies or cookie degradation was the only way...

I had also read Aaron's shopping car solution a while back but I though the javascript could be an issue etc.....

ps: I find the wrox books okay but they usually have a lot of errors which
can also be a hinderance...

Thanks
Jason


"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:ul**************@TK2MSFTNGP12.phx.gbl...
It's not impossible. And, I don't think you understand what is going on
there.

This is what happens when a site chooses not to rely on cookies or sessions
for tracking users....

1. User enters site
2. A unique ID is assigned to the user, usually from a DB generated unique
ID
3. The unique id is stored in a DB
4. The unique ID is appended to *all* URLs to track the user, and passed
from page to page in the URL
5. If the unique ID is needed on a page, it is looked up in the DB and

used
as a key in the DB for whatever transaction took place

You are making this cookies / no cookies problem way more difficult than

it
needs to be.

You need to come up with some Use / Business Cases to determine if the no cookie problem is really a problem to begin with. If no cookies will
severely impact your application, then code a solution that doesn't rely

on
cookies. Don't add complexity developing 2 solutions to the problem

If there is bearable risk in not supporting the no-cookie folks, then

direct
them to page that informs that accepting cookies are required, and let

them
decide.

I'm not trying to be critical - You are obviously working very hard to do whatever it is you are doing. But, you are lacking some fundamentals that are causing you to go down paths trying to finding solutions to problems
that don't exist.

I suggest reading some basic literature on server-side programming and

ASP.

Also, read this...


Bob Lehmann
<ja***@catamaranco.com> wrote in message
news:uu****************@TK2MSFTNGP11.phx.gbl...
You see, this cannot be possible, as his example is based on returning

to the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol

user
implications of same ip)

Thus, something is screwed up with his explanation.

- Jason
"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
> I'm not sure.
>
> In this case, though, it looks like a GUID is being generated by the DB. >
> Bob Lehmann
>
> <ja***@catamaranco.com> wrote in message
> news:Ou**************@TK2MSFTNGP10.phx.gbl...
> > But is that ID not dependent on being retrieved iniitally from the

user
> > machines cookie?
> >
> > If cookies are disabled this ID would not be retrievable for later use on
> > the server?
> >
> > "Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
> > news:%2****************@TK2MSFTNGP12.phx.gbl...
> > > The id (107-0357560-1728507) is appended to the url, and then

checked,
> > > usually, against a value in a DB to keep track of the user.
> > >
> > > Bob Lehmann
> > >
> > > <ja***@catamaranco.com> wrote in message
> > > news:%2****************@TK2MSFTNGP11.phx.gbl...
> > > > I must be stupid, but I am picking up contradictions on how

cookies
> are
> > > used
> > > > in sites. This dude says of Amazon:
> > > >
> > > > Statement: "Amazon.com passes this test when it comes to the site > being
> > > 100%
> > > > usable if one were to manually disable and delete cookies"
> > > >
> > >
> >
>

http://www.stickyminds.com/sitewide....ObjectType=ART
> > > > He then says: . I was able to use all major aspects of the
> > site-searching,
> > > > shopping cart, checkout functions-even though cookies were
completely
> > > > disabled.
> > > >
> > > > His conclusion:
> > > >
> > > > It appears that state maintenance was being taken care of
server-side,
> > > based
> > > > on the session ID at the end of the home page URL. For example, I
> chose
> > > the
> > > > Yamaha CD-ROM kit on the amazon home page and added it to my
shopping
> > > cart.
> > > > The shopping cart page URL was
> > > > http://www.amazon.com/./one-click-th...357560-1728507. > > Changing
> > > > the rightmost digit from 7 to 8, and posting this edited URL, lost my
> > > > shopping cart and brought up the following error page, lending
further
> > > > support to the probability of server-side state maintenance
with
a > > session
> > > > ID in the URL.
> > > >
> > > > My Question:
> > > >
> > > > How can 'state' be preserved on the server via a session ID if
COOKIES
> > ARE
> > > > DISABLED and DELETEd....
> > > >
> > > > I thought if the user disabled cookies that blew if for

Session > > > Variables...
> > > >
> > > > Could someone please tell me what I am missing here?
> > > >
> > > > Thanks
> > > >
> > > > Jason
> > > >
> > > > <ja***@catamaranco.com> wrote in message
> > > > news:Ob*************@TK2MSFTNGP11.phx.gbl...
> > > > > Is it possible for a user to enable permanent cookies but

disable
> > > session
> > > > > cookies.....this seems like a contradition yet this is what I appear
> > to
> > > be
> > > > > reading in online articles?
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>



Jul 19 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.