|go ahead... be a heretic
Re: If you do away with server-side state, you don't need cookiesby mpeters (Chaplain)
|on Jul 05, 2005 at 16:48 UTC
Whether you send the data to the client as a hidden field in a form, or as a cookie it's basically the same thing. And by using a cookie you can be sure that the data will be in every request the user sends (GET's, links, images, media, etc) from then on, not just the results of a form.
While this would reduce the need for server side storage of sessions, this can already be done. There are lots of people who instead of sending a session id in the cookie (or hidden field) will send a serialized version of an object or hash which they can then unserialize at the next request.
-- More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk. -- Bruce Schneier