I guess one advantage of not using cookies, is you can maintain sessions on devices that do not accept cookies, such as pda's and phones.

The biggest disadvantage is the ease in which a session can be hijacked.

If, for example, you cut and paste the URL and email it to another person, they will have your session. Its a rather simplistic example, but is a threat I would consider, especially if you have personal information on your site.

Here is a good article outlining good web session security. It may be a little overkill, but great reading.

Update: To help cover against the hijacking, a different token should be used for every page sent.

In reply to Re: Maintain Session without Cookies? by Ryszard
in thread Maintain Session without Cookies? by Coplan

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.