Web devel with python. Whats the best route?

Erno Kuusela erno-news at erno.iki.fi
Sun Jan 14 03:34:37 EST 2001


In article <93om7l$p6s$1 at nnrp1.deja.com>, echuck at mindspring.com writes:

| In article <kuofxhi4d2.fsf at lasipalatsi.fi>,
|   Erno Kuusela <erno-news at erno.iki.fi> wrote:

|| lately i've come to the conclusion that the best way to do session
|| tracking (certainly better than cookies) is to generate a unique id
|| and put it in the url as a path component. something like
|| http://my.site/my-program/0dj2/operation or whatever. 

| One disadvantage with the above is that if the session data expires
| after some period of inactivity (a common practice on various web
| sites), then the URLs resulting from the above technique are not
| bookmarkable. You might be able to detect this on the server side and
| compensate to make them so, but then that's just as ugly or more so
| than using cookies.

in my eye, the ugliness of cookies lies in their "out-of-bandness",
so i do consider the session-id-in-url approach prettier even
when i have to detect expired sessions.

> this has the advantage of
|| b) making the session portable in the sense that you can
||    take a url to another machine and have it work

| Also, is (b) really an advantage? How often do you need to take a URL
| to another machine?

pretty often. mail it to a friend, etc.

|| c) making it work with search engines
| I'm not clear on (c) and search engines. If a session is related to a
| specific user, doesn't that imply that:
|  1. the searchbot gets it's own session id,
|  2. stores the id in the URL and
|  3. now when a user finds the URL via the search engine, they click in
| and are considered to be "AltaVista"?

presumably the session has expired by then and the user is redirected
to a url with a fresh session string. one can also encode the client
address in the url and check it.

| On the contrary, using cookies gives you clean URLs like:
|   http://host.com/docs/faq/
| Which when clicked through a search engine will not come in with a
| session id that is either expired or inaccurate, like
| http://host.com/89dfgk49f/docs/faq would.

this is true.

| Item (d) says cookies are ugly. What's ugly about this:?
|   Set-Cookie: use=webware;
| Or the clean URLs described above? Session ids are for the eyes of
| programmers, not users.

cookies are an ugly kludge in http because they are logically
part of the information needed to locate the object in the http
request, but they are outside of the path in the request. and they hurt
cacheability.

they are a pain to manage for users, who have to enable them for your
site. which is often painful since many browsers don't provide for
this functionality - users have to rely on a 3rd party proxy or
somesuch to do the filtering.

of course this is small potatoes in the nauseating sea of terrifying
kludges that is the current world wide web, so most people don't care
very much.

| In summary, I think cookies are both clean and convenient, if you're
| confident your user base has them.

i think we'll have to agree to disagree.

  -- erno



More information about the Python-list mailing list