JavaScript considered harmful (was Re: New online index to Beazley's tutorials)

Steve Holden sholden at holdenweb.com
Tue Jan 8 10:11:55 EST 2002


"Aahz Maruch" <aahz at panix.com> wrote in message
news:a1evr7$i5l$1 at panix3.panix.com...
> In article <mailman.1010497332.23208.python-list at python.org>,
> Mark McEahern <marklists at mceahern.com> wrote:
> >Aahz:
> >>
> >> So how do you handle it when users don't permit cookies?  You refuse to
> >> let them have customized pages?  You still need a session ID in the URL.
> >> Why not just give them a bookmarkable page?
> >
> >one approach would be to require at least session cookies.
>
> Why?  That's stupid.  Too many sites misuse cookies, so lots of people
> turn cookies off.  Alex's point about cookies for storing login
> information across sessions at least makes some sense for persistent
> storage, but cookies for session IDs is absurd.

This seems a little like a hobby-horse to me. If you are prepared to pass
session IDs across the Internet in clear then you surely run a certain
amount of risk of having sessions hijacked by snoopers. Security's relative,
and while I object to the abuse of cookies for third-party web access
tracking that doesn't mean they don't have some legitimate uses.

If someone can't use a cookie-enabled site because they don't accept cookies
then that's their choice, and I'm certainly not going to try to limit their
freedom.

The REAL problem is with browsers that cheerfully respond with cookies to
servers other than the source of the HTML page they are currently rendering.
If every browser would allow this behavior to be switched off (and had it
switched off by default) then the "1-pixel camera" trick would be a spent
force and we could all stop having these discussions.

regards
 Steve
--
http://www.holdenweb.com/
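
Added example, not part of the original message: Python's standard-library http.cookiejar has the kind of switch described above, DefaultCookiePolicy(strict_ns_unverifiable=True), which withholds cookies from requests the user did not initiate (such as embedded images) when they go to a host other than the page's origin. The host names and cookie value are constructed for illustration.

```python
from http.cookiejar import Cookie, CookieJar, DefaultCookiePolicy
from urllib.request import Request

# Constructed scenario: a page on www.news.example embeds a 1-pixel image
# served by tracker.example, which has previously set a "uid" cookie.
PAGE_HOST = "www.news.example"
PIXEL_URL = "http://tracker.example/pixel.gif"


def tracker_cookie():
    """A version-0 (Netscape-style) cookie belonging to tracker.example."""
    return Cookie(
        version=0, name="uid", value="abc123",
        port=None, port_specified=False,
        domain="tracker.example", domain_specified=False,
        domain_initial_dot=False,
        path="/", path_specified=True,
        secure=False, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_sent(block_third_party, origin_host, unverifiable):
    """Return the Cookie header the jar attaches to the pixel request, or None.

    origin_host  -- host of the page the user is actually viewing
    unverifiable -- True when the fetch was not chosen by the user
                    (an embedded image), False for direct navigation
    """
    policy = DefaultCookiePolicy(strict_ns_unverifiable=block_third_party)
    jar = CookieJar(policy)
    jar.set_cookie(tracker_cookie())
    req = Request(PIXEL_URL, origin_req_host=origin_host,
                  unverifiable=unverifiable)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


if __name__ == "__main__":
    # Library default (switch off): the embedded pixel receives the cookie.
    print("default, embedded in news page:", cookie_sent(False, PAGE_HOST, True))
    # Switch on: the same third-party fetch carries no cookie.
    print("strict,  embedded in news page:", cookie_sent(True, PAGE_HOST, True))
    # Switch on: visiting the cookie's own site directly is unaffected.
    print("strict,  direct visit:         ",
          cookie_sent(True, "tracker.example", False))
```

The strict setting is not the library's default, so a client built on CookieJar returns cookies to third-party hosts unless the policy is set explicitly.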







