cookies for HTTP session tracking

Alex Martelli aleax at aleax.it
Thu Jan 10 10:28:15 CET 2002


"Neil Schemenauer" <nas at python.ca> wrote in message
news:mailman.1010598388.16959.python-list at python.org...
> Gabriel Ambuehl wrote:
> > > All sites I know use cookies for login and tracking.
> > Which both is pretty much flawed as it can be done otherwise as well
> > (it's a bit harder to implement, but still, it can be done).
>
> The only other way I know of doing it is to put the session id in the
> URL.  That approach has problems (as AMK explained).  Do you have a
> better solution?

No, but there is a _different_ solution (not necessarily _better_!-):
<INPUT TYPE="HIDDEN" VALUE="sessionidgoeshere" NAME="MYHIDDEN></INPUT>.

Assuming the forms use POST, not GET, this doesn't show in the URL,
which is the "advantage" (or disadvantage, if you want to bookmark)
wrt "session id in the URL".

It has its own disadvantages of course.  For example, it only works
with forms: if you just want to enable navigation within your site
via <A HREF="..."> tags, the "hidden input" approach is just not
applicable (while cookies and sessionid-in-URL approaches still are).


Alex






More information about the Python-list mailing list