No Cookie: how to implement session?

Paul Rubin http
Wed Mar 29 01:39:15 EST 2006


aleaxit at yahoo.com (Alex Martelli) writes:
> Cookies aren't "tricks" -- they are THE standard, architected solution
> for session persistence in HTTP 1.1 -- people who disable them are
> saying they do not *WANT* persistent sessions... on their heads be it.

That so many people do this is partly the fault of browsers.  Until
recently, there was no way to configure most browsers to accept all
cookies but treat them as ephemeral (dispose of them when you close
the browser).  Your choices were:

  1) accept all cookies; non-ephemeral ones would persist on your hard disk
  2) accept only ephemeral cookies: ones marked non-ephemeral would be
     ignored
  3) ignore ALL cookies

Choice #1 enables invasive long-term user tracking that is not
necessary for mere session persistence.

Choice #2 stops the long-term tracking, but session cookies get
ignored if they have an expiration date (that makes them
non-ephemeral).  That stops most session cookies from working.  This
choice was available in some versions of Netscape Communicator but I
don't think MS Explorer had it.

Choice #3 stops sessions from working all the time.

What you really want is for your browser to accept all cookies
including persistent ones, but dispose of the cookie at the end of the session
regardless of the requested expiration date.  Firefox can do that and
it's the setting that I use.  I don't know if other browsers can do it yet.
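
The three browser choices listed in this message, plus the "accept everything, keep nothing after the session" setting, modelled as an added example that is not part of the original post. The policy names, function names and Set-Cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (illustrative, not from the post).
SET_COOKIE_HEADERS = [
    "sid=abc123; Path=/",                                           # no expiry: ephemeral
    "login=tok456; Expires=Thu, 29 Mar 2007 01:39:15 GMT; Path=/",  # session cookie with expiry
    "tracker=u789; Max-Age=315360000; Path=/",                      # long-lived identifier
]

# Hypothetical policy names for the behaviours described in the message.
POLICIES = ("accept_all", "ephemeral_only", "ignore_all", "accept_all_as_ephemeral")


def is_persistent(morsel):
    """A cookie is non-ephemeral if the server asked for any lifetime."""
    return bool(morsel["expires"] or morsel["max-age"])


def apply_policy(headers, policy):
    """Return (names usable during the session, names surviving browser close)."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    in_session, after_close = set(), set()
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            persistent = is_persistent(morsel)
            if policy == "ignore_all":
                continue                      # choice 3: nothing is stored
            if policy == "ephemeral_only" and persistent:
                continue                      # choice 2: cookies with an expiry are dropped
            in_session.add(name)
            # Only choice 1 honours the requested lifetime and writes to disk;
            # accept_all_as_ephemeral keeps the cookie but discards it on close.
            if persistent and policy == "accept_all":
                after_close.add(name)
    return in_session, after_close


if __name__ == "__main__":
    for policy in POLICIES:
        session, disk = apply_policy(SET_COOKIE_HEADERS, policy)
        print(f"{policy:24} session={sorted(session)} after_close={sorted(disk)}")
```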


