JavaScript considered harmful (was Re: New online index to Beazley's tutorials)
Aahz Maruch
aahz at panix.com
Tue Jan 8 08:15:37 EST 2002
In article <mailman.1010494751.14448.python-list at python.org>,
Chris Gonnerman <chris.gonnerman at newcenturycomputers.net> wrote:
>From: "Aahz Maruch" <aahz at panix.com>
>> In article <a1ekt4$jv1$1 at serv1.iunet.it>, Alex Martelli <aleax at aleax.it> wrote:
>>>
>>>The obvious problem: visitors find it irksome to have to type the
>>>username and password on each site-visit in order to get at the
>>>nifty customization features. We need some client-side state to
>>>ameliorate this.
>>
>> Nope. If security matters, then you don't want client-side state. If
>> security doesn't matter, you can provide a bookmarkable URL with their
>> login information. It's really that simple. You're certainly not going
>> to store all that customizing information in cookies because of the
>> multi-machine problem I mentioned earlier.
>
>I'm with Alex here... particularly since you don't store "all that
>customizing information" on the client machine. Generally I store an
>apparently random bit of data (the primary key value of the database
>record where the primary identification of the user is stored). Small and
>unobtrusive, but it gets the job done. Lacking a valid value for this
>cookie, I force the user to enter username and password.

So how do you handle it when users don't permit cookies? You refuse to
let them have customized pages? You still need a session ID in the URL.
Why not just give them a bookmarkable page?
--
--- Aahz <*> (Copyright 2002 by aahz at pobox.com)
Hugs and backrubs -- I break Rule 6 http://www.rahul.net/aahz/
Androgynous poly kinky vanilla queer het Pythonista
"There are times when effort is important and necessary, but this should
not be taken as any kind of moral imperative." --jdecker
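
The cookie scheme discussed in this thread, sketched as an added example that is not code from any of the posters: the cookie carries only a small identifier, and a missing or unrecognised value falls back to the username/password prompt. It assumes a random token mapped server-side to the primary key rather than the key itself; `sid`, `USERS`, `SESSIONS` and the sample records are hypothetical and constructed.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

# Constructed sample data: user records keyed by database primary key.
USERS = {1: {"name": "alice", "theme": "dark"},
         2: {"name": "bob", "theme": "light"}}
SESSIONS = {}        # server-side map: opaque token -> primary key
COOKIE_NAME = "sid"  # hypothetical cookie name


def issue_cookie(user_id):
    """After a successful password login, build the Set-Cookie value."""
    token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    SESSIONS[token] = user_id          # customisation data stays server-side
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True  # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True    # only sent over HTTPS
    return cookie[COOKIE_NAME].OutputString()


def identify(cookie_header):
    """Return the user record for a Cookie header, or None.

    None covers: cookies refused by the browser, a malformed header, or a
    value the server never issued. The caller then asks for the password.
    """
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        return None
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None:
        return None
    user_id = SESSIONS.get(morsel.value)
    return USERS.get(user_id) if user_id is not None else None


def revoke(token):
    """Log out: forget the token so the cookie stops identifying anyone."""
    SESSIONS.pop(token, None)
```

Because the token is looked up rather than interpreted, a guessed value such as a bare record number identifies nobody, and revoking one token does not affect the same user's cookies on other machines.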