perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Chamas <j...@chamas.com>
Subject Re: AW: Two suggestions
Date Fri, 11 Apr 2003 19:29:05 GMT
Uwe Riehm wrote:
> Hi Josh,
> 
> I think I didn't explain very well what I meant because I guess you misunderstood me.
> I know and have already tested this SessionQueryForce setting which works very well.
> In general I like the way Apache ASP is using to store the session id information, which
> means if the user accepts a cookie it is stored there and if not it is stored in the
urls
> by parsing the scripts. 
> BUT: if a user declines to accept cookies it is stored in the urls and additionally every
time
> the user clicks on one of those links / urls inside a script and calls another script
a 
> new cookie is tried to set. And this is the thing that can be very annoying - at least
if 
> the user wants to be informed about every cookie that is set on his computer. 
> Therefore my idea / suggestion was to just set a cookie once - when the session is started
> and afterwards just take the seesionid from the cookie sent back or take it from the
url.
> If you have a look at what Apache ASP does if it can sucessfully send a cookie: it does
not
> send it anymore later on in the same session! 

I believe the functionality should stay this way in part because of what
it can do currently that it would not be able to do otherwise.  There is
an important usage that some might be using ( I certainly have ), where they
need to link the session-id into the URL explicitly to work around times
when browsers lose cookies.  IE in particular will *sometimes* drop session
cookies when using frames or javascript popup windows, and the only way to
get the session to persist across these frames or popups is to explictly
link the session-id into the URL.  In the new window/frame, the session
cookie is restored with the current functionality.

So, I am reluctant to change how it works now because it serves a useful
purpose.  So if you really don't want your users to deal with cookies at
all, I would recommend using SessionQueryForce parameter which was designed
for this purpose.

Regards,

Josh

________________________________________________________________
Josh Chamas, Founder                   phone:925-552-0128
Chamas Enterprises Inc.                http://www.chamas.com
NodeWorks Link Checking                http://www.nodeworks.com


---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org


Mime
View raw message