[Web-SIG] Session interface
jonathan at carnageblender.com
Tue Aug 16 22:48:50 CEST 2005
On Tue, 16 Aug 2005 16:37:31 -0400, "Phillip J. Eby"
<pje at telecommunity.com> said:
> At 01:14 PM 8/16/2005 -0700, Jonathan Ellis wrote:
> >But there's a reason they're in such common use; it's a huge waste
> >(particular for low-bandwidth clients) to store anything more than
> >absolutely necessary in a cookie that the client sends repeatedly. Much
> >more efficient to send "here's my token" which the server uses to
> >retrieve the rest.
> I agree; and in fact until I saw Ian's status-message example, I've never
> had need to store anything in a cookie except login credentials or an
> identifier used to find application objects like a shopping cart.
> IOW, cookies are fundamentally for short strings. However, if your
> data consists solely of short strings, or short-lived medium-size strings
> (like a status message) then it works out nicely.
Sure, but given the choice between N short strings and one, one is
> If you have session data other than short strings, then you should store
> with your application data, since it's clearly data that's part of your
Still, it can be good to have a simple place to store non-permanent
Is the potential for abuse worth it? Perhaps not. I also can't think
of a time when I needed sessions in the past 5 or so years.
More information about the Web-SIG