No such thing as a small change | |
PerlMonks |
On using cookies for session management...by merlyn (Sage) |
on Oct 17, 2000 at 15:33 UTC ( [id://37125]=note: print w/replies, xml ) | Need Help?? |
Hmm. I don't know why you went off on the "cookies" thing. The problem here is that d_i_r_t_y wants to have two parallel conversations within one browser, and you can't do that purely with cookies, because the browser will happily send the identically same cookie to both "session" hits. So you can't use cookies or basic auth, and that means you're stuck with mangled URLs or hidden fields. That, or PSI::ESP, which hasn't been uploaded yet, but I have a feeling it will shortly.
As for why some people "hate cookies (or advise not to use them)", I can give you my take on that. Cookies used for long-term authentication presume the demonstratably false statement of "one user is one browser", as opposed to session cookies, which I actually consider OK unless it breaks something like in d_i_r_t_y's case. In a given day, I'm popping back and forth between three or four browsers, and some of the browsers I use are on other people's machines, especially in internet cafes and such. So if you're crazy enough to use cookies for auth:
Because of that last point, you've got to provide a mangled URL or hidden field solution anyway. So the easiest way out is to go ahead and presume "no cookies", and then slowly add in to the design a way of having longer term recognition, as long as you stay within the guidelines above. -- Randal L. Schwartz, Perl hacker
In Section
Seekers of Perl Wisdom
|
|