cookies for HTTP session tracking

Michael Ströder michael at stroeder.com
Thu Jan 10 05:27:08 EST 2002


Alex Martelli wrote:
> 
> No, but there is a _different_ solution (not necessarily _better_!-):
> <INPUT TYPE="HIDDEN" VALUE="sessionidgoeshere" NAME="MYHIDDEN"></INPUT>.
> 
> Assuming the forms use POST, not GET, this doesn't show in the URL,
> which is the "advantage" (or disadvantage, if you want to bookmark)
> wrt "session id in the URL".
> 
> It has its own disadvantages of course.  For example, it only works
> with forms: if you just want to enable navigation within your site
> via <A HREF="..."> tags, the "hidden input" approach is just not
> applicable (while cookies and sessionid-in-URL approaches still are).

It does work without forms though the hidden parameters show up in
the query string of the URL. Your application might wanna construct
the URLs including the query string and put it in <A HREF="...">
(urllib.quote() is needed of course). E.g. Google does it that way
for generating the URL for switching between the different search
forms while keeping the search values.

Some people here claim that it makes problems with the user
bookmarking the URL including the session ID. Well, then one has to
rethink how the session handling is done. If the user comes with an
invalid session ID simply give him a new one.

Ciao, Michael.


