JavaScript considered harmful (was Re: New online index to Beazley's tutorials)

Alex Martelli aleax at
Tue Jan 8 15:24:25 CET 2002

"Aahz Maruch" <aahz at> wrote in message
news:a1erdp$c0t$1 at
> >>>The obvious problem: visitors find it irksome to have to type the
> >>>username and password on each site-visit in order to get at the
> >>>nifty customization features.  We need some client-side state to
> >>>ameliorate this.
> So how do you handle it when users don't permit cookies?  You refuse to
> let them have customized pages?  You still need a session ID in the URL.
> Why not just give them a bookmarkable page?

If a user prefers to type userid and password each time they visit my site,
rather than permitting cookies, then I'm obviously not going to refuse
them their preferred operating mode.  Within-session, I'm presumably
going to carry state (user identification) in hidden input fields, in
this case, as it has to be within one reasonably brief "surfing session"
only; better to leave URLs nice and clean, so my regular users will be
encouraged to copy-and-paste them in enthusiastic word-of-mouth promotion
of my site by email, chat, SMS's, and voice conversations with friends.

Long URLs encoding id info are the least preferable option here, although,
if a way can be found to support them as a further _option_ (_without_
foisting them on the vast majority of users, which have no need for them),
they may be worth doing too.  (That's similar to the cookie-unrelated idea
of using POST normally, to get clean URLs for queries too, and GET as a
special option to allow "bookmarkable queries" as well).


More information about the Python-list mailing list