HTTP state management without cookies?
phil hunt
philh at comuno.freeserve.co.uk
Fri Feb 22 09:49:38 EST 2002
On Fri, 22 Feb 2002 00:02:10 GMT, Roy Madden <roy at linksheaven.com> wrote:
>On 19 Feb 2002 21:31:00 GMT, Lutz Schroeer
><Lutz.Schroeer at kybernetik-manufaktur.de> wrote:
>
>>I'm creating a website which makes intensive use of cgi scripts and there
>>is the possibility for the visitor to register as a user for having the
>>ability to customize the site appearance, contents and other stuff.
>>
>>Jumping from one script to the other I need to remember at least the user's
>>name. The W3C recommends using cookies (RFC 2109). Unfortunately many
>>people don't like cookies and filter them using WebWasher or a personal
>>firewall.
>>
>I'm going to try and dig up some stats for you, but from experience and
>research the population of those who do not accept cookies is very, very
>small (albeit they tend to be technically proficient and vocal online). I once
>worked for an online bank with operations in Germany, and we considered
>this issue *very* carefully before choosing cookies for our user
>interface.
>
>A slightly larger population do not 'like' them, but of the 3 methods of
>maintaining session state they are the most secure option (waiting for the
>flames to start :) ) - if security is an issue for you, and the 'like'
>issue is a matter of user education.

What do you consider the other 2 methods to be? I can think of
encoding it in the URL, and the server remembering the browser's IP
address. Are there others?
--
===== Philip Hunt ===== philh at comuno.freeserve.co.uk =====
Herbivore, a zero-effort email encryption system. Details at:
<http://www.vision25.demon.co.uk/oss/herbivore/intro.html>
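
The "encoding it in the URL" method mentioned in this thread, sketched as an added example (not code from any poster): the user's name travels as a URL parameter protected by an HMAC and an issue time, so a CGI script can reject edited or stale values. The key, the `sid` parameter name, the 30-minute lifetime and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret (placeholder)
MAX_AGE = 1800                        # assumption: token lifetime in seconds


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload):
    return _b64(hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest())


def make_token(username, now=None):
    """Build 'b64(username).issued_at.mac'."""
    issued = int(time.time() if now is None else now)
    payload = "%s.%d" % (_b64(username.encode()), issued)
    return payload + "." + _sign(payload)


def verify_token(token, now=None):
    """Return the username, or None if the token is malformed, forged or expired."""
    try:
        user, issued, mac = token.split(".")
        expected = _sign(user + "." + issued)
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
        age = (time.time() if now is None else now) - int(issued)
        if age < 0 or age > MAX_AGE:
            return None
        return base64.urlsafe_b64decode(user + "=" * (-len(user) % 4)).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def session_url(script, username, now=None):
    """Link to the next CGI script with the state carried in the query string."""
    return script + "?" + urlencode({"sid": make_token(username, now)})


def user_from_url(url, now=None):
    """Extract and verify the state; exactly one 'sid' value is accepted."""
    values = parse_qs(urlsplit(url).query).get("sid", [])
    return verify_token(values[0], now) if len(values) == 1 else None
```

The MAC gives integrity only: the token still appears in server logs, bookmarks and Referer headers, and anyone who copies the URL can replay it until it expires.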