JavaScript considered harmful (was Re: New online index to Beazley's tutorials)

Aahz Maruch aahz at panix.com
Tue Jan 8 08:15:37 EST 2002


In article <mailman.1010494751.14448.python-list at python.org>,
Chris Gonnerman <chris.gonnerman at newcenturycomputers.net> wrote:
>From: "Aahz Maruch" <aahz at panix.com>
>> In article <a1ekt4$jv1$1 at serv1.iunet.it>, Alex Martelli <aleax at aleax.it> wrote:
>>>
>>>The obvious problem: visitors find it irksome to have to type the
>>>username and password on each site-visit in order to get at the
>>>nifty customization features.  We need some client-side state to
>>>ameliorate this.
>>
>> Nope.  If security matters, then you don't want client-side state.  If
>> security doesn't matter, you can provide a bookmarkable URL with their
>> login information.  It's really that simple.  You're certainly not going
>> to store all that customizing information in cookies because of the
>> multi-machine problem I mentioned earlier.
>
>I'm with Alex here... particularly since you don't store "all that
>customizing information" on the client machine.  Generally I store an
>apparently random bit of data (the primary key value of the database
>record where the primary identification of the user is stored).  Small and
>unobtrusive, but it gets the job done.  Lacking a valid value for this
>cookie, I force the user to enter username and password.

So how do you handle it when users don't permit cookies?  You refuse to
let them have customized pages?  You still need a session ID in the URL.
Why not just give them a bookmarkable page?
-- 
                      --- Aahz  <*>  (Copyright 2002 by aahz at pobox.com)

Hugs and backrubs -- I break Rule 6                 http://www.rahul.net/aahz/
Androgynous poly kinky vanilla queer het Pythonista   

"There are times when effort is important and necessary, but this should
not be taken as any kind of moral imperative."  --jdecker
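
An added example, not part of the original thread and not any poster's code: the cookie scheme discussed above, once with the cookie carrying the raw primary key and once with it carrying a server-issued random token, both falling back to a login prompt when the cookie is absent or unknown. `USERS`, `SESSIONS` and all function names are hypothetical, and the records are constructed sample data.

```python
import hashlib
import secrets

# Constructed sample data: user records keyed by database primary key.
USERS = {
    17: {"name": "alice", "theme": "dark"},
    18: {"name": "bob", "theme": "light"},
}

# Server-side session table: sha256(token) -> primary key.
# Only the hash is stored, so reading this table does not reveal live cookies.
SESSIONS = {}


def resolve_raw_pk(cookie_value):
    """Cookie holds the primary key itself: any valid key value is accepted."""
    try:
        return USERS.get(int(cookie_value))
    except (TypeError, ValueError):
        return None  # missing or malformed cookie -> ask for username/password


def issue_cookie(user_id):
    """Call after a successful username/password login; returns the cookie value."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token


def resolve_cookie(cookie_value):
    """Return the user record, or None to force a username/password prompt."""
    if not cookie_value:
        return None
    user_id = SESSIONS.get(hashlib.sha256(cookie_value.encode()).hexdigest())
    return USERS.get(user_id) if user_id is not None else None


def revoke_cookie(cookie_value):
    """Logout or password change: the cookie stops working on every machine."""
    SESSIONS.pop(hashlib.sha256(cookie_value.encode()).hexdigest(), None)


if __name__ == "__main__":
    cookie = issue_cookie(17)
    print("token cookie  ->", resolve_cookie(cookie))
    print("cookie '18'   ->", resolve_cookie("18"))   # not a session token
    print("raw pk '18'   ->", resolve_raw_pk("18"))   # accepted as-is
```

The customization data stays in the database in both variants; the cookie only selects the record, and a second machine simply gets its own token after one login.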


