HTTP state management without cookies?
Roy Madden
roy at linksheaven.com
Thu Feb 21 19:02:10 EST 2002
On 19 Feb 2002 21:31:00 GMT, Lutz Schroeer
<Lutz.Schroeer at kybernetik-manufaktur.de> wrote:
>I'm creating a website which makes intensive use of cgi scripts and there
>is the possibility for the visitor to register as a user for having the
>ability to customize the site appearance, contents and other stuff.
>
>Jumping from one script to the other I need to remember at least the user's
>name. The W3C recommends using cookies (RFC 2109). Unfortunately many
>people don't like cookies and filter them using WebWasher or a personal
>firewall.
>
I'm going to try and dig up some stats for you, but from experience and
research the population of those who do not accept cookies is very very
small (albeit tend to be technically proficient and vocal online). I once
worked for an online bank with operations in Germany, and we considered
this issue *very* carefully before choosing cookies for our user
interface.
A slightly larger population do not 'like' them, but of the 3 methods of
maintaining session state they are the most secure option (waiting for the
flames to start :) ) - if security is an issue for you, and the 'like'
issue is a matter of user education.
Roy
--
http://www.linksheaven.com
More information about the Python-list
mailing list