JavaScript considered harmful
Andrew Kuchling
akuchlin at mems-exchange.org
Tue Jan 8 11:35:57 EST 2002
aahz at panix.com (Aahz Maruch) writes:
> I'm simply pointing out that using cookies doesn't gain site developers
> much (if anything) and that *requiring* cookies loses users. If that's
> what they want, fine -- but most developers don't even *understand* this
> yet.
What cookies gain is simplicity. They avoid the need to run every
single page on a site through a script that inserts the session into
every link. That has several nice properties:
* The site puts less load on the server, as static pages can be
served in the usual way.
* The user can browse off to some other site, come back, and
their session will still be there. Or they can pop up an
empty browser window, type in the site URL, and still have
their session.
* URLs stay simple; users are not able to figure out which
* part of the URL is a session ID and can be omitted.
Personally, I'd implement with cookies. Newer user agents have the
flexibility to allow cookies for some domains and reject them for
others (but does IE, which is the 900-pound gorilla here?), so
sophisticated users can configure their browser appropriately, and
unsophisticated users won't go disabling cookies anyway. If people
want to not use our application out of fear of cookies, oh well, it's
their loss.
I deem supporting both cookies and URL IDs to be impractical; 99% of
people will be happy with the cookied version, so the URL version will
get very little testing, and it'll add painful complexity to the Web
server's configuration.
Good luck with your procedure, and get well soon!
--amk
More information about the Python-list
mailing list