JavaScript considered harmful (was Re: New online index to Beazley's tutorials)
Alex Martelli
aleax at aleax.it
Tue Jan 8 09:24:25 EST 2002
"Aahz Maruch" <aahz at panix.com> wrote in message
news:a1erdp$c0t$1 at panix3.panix.com...
...
> >>>The obvious problem: visitors find it irksome to have to type the
> >>>username and password on each site-visit in order to get at the
> >>>nifty customization features. We need some client-side state to
> >>>ameliorate this.
...
> So how do you handle it when users don't permit cookies? You refuse to
> let them have customized pages? You still need a session ID in the URL.
> Why not just give them a bookmarkable page?
If a user prefers to type userid and password each time they visit my site,
rather than permitting cookies, then I'm obviously not going to refuse
them their preferred operating mode. Within-session, I'm presumably
going to carry state (user identification) in hidden input fields, in
this case, as it has to be within one reasonably brief "surfing session"
only; better to leave URLs nice and clean, so my regular users will be
encouraged to copy-and-paste them in enthusiastic word-of-mouth promotion
of my site by email, chat, SMS's, and voice conversations with friends.
Long URLs encoding id info are the least preferable option here, although,
if a way can be found to support them as a further _option_ (_without_
foisting them on the vast majority of users, which have no need for them),
they may be worth doing too. (That's similar to the cookie-unrelated idea
of using POST normally, to get clean URLs for queries too, and GET as a
special option to allow "bookmarkable queries" as well).
Alex
More information about the Python-list
mailing list