
Re: [cgiapp] CAP::Authentication & cookies


On 3/27/06, RA Jones <suppressed> wrote:
> I've run into an unforeseen problem with the above combination. All
> worked fine under development on my system, but transferring to
> production for the final test session highlighted the following - if the
> user disables cookies then session maintenance fails even when using
> session management. Presumably this is because CGISESSID is always
> required irrespective of store method? Is there any way round this save
> the horrible kludge of passing the parameter as an embedded hidden form
> field or tacked onto the end of clickable links?

The system needs to be able to identify the user at the other end in
one way or another.  That is most often done with cookies, and in the
case of the Authen plugin, it offers the Session based or Cookie based
way of tracking who the user is.  Unfortunately for you, as you have
found out, both default to using cookies to track who the user is.

So really your only way out is to use the kludge method of passing
around the session ID in forms and URLs (or do some funky
PATH_INFO/mod_rewrite stuff, or even switch to good ol' Basic
Authentication that your web server provides).  Or do what I usually
do and just ignore people that turn off cookies.  Why cater to a
misguided minority that use a sledgehammer where a screwdriver would
suffice...

It's possible that I might ruffle some feathers with that one as I am
sure there are some people on the list that disable cookies by
default.  If you do that, make sure you have the tools available to
selectively turn on cookies where it makes sense.

Cheers,

Cees

ps.  Note that I am mainly talking about cookies that are used for
authentication.  Most of my apps only use sessions optionally (for
storing preferences and such), so rejecting cookies will not stop you
from using the app in general.
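Added example, not part of this thread nor of CGI::Application::Plugin::Authentication: the hidden-field fallback Cees describes, written against CGI::Application and CGI::Session directly, assuming CGI::Session's documented behaviour of looking for CGISESSID in the cookie first and then in the request parameters. The session store directory is a placeholder.

```perl
#!/usr/bin/perl
# Keeps a session alive when the browser refuses cookies by carrying the
# session ID in a hidden POST field. Cookies are still offered to browsers
# that accept them. $STORE_DIR is a placeholder path, not a real one.
package MyApp;
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Session;

my $STORE_DIR = '/path/to/session/store';   # placeholder

sub setup {
    my $self = shift;
    $self->start_mode('main');
    $self->run_modes(main => 'main');
}

sub cgiapp_prerun {
    my $self = shift;
    my $q    = $self->query;
    # CGI::Session reads CGISESSID from the cookie, falling back to the
    # form/query parameter of the same name, so a hidden field is enough
    # when cookies are disabled.
    my $session = CGI::Session->new('driver:File', $q, { Directory => $STORE_DIR })
        or die CGI::Session->errstr;
    $self->param(session => $session);
    # Still hand the ID to cookie-accepting browsers, HttpOnly so page
    # scripts cannot read it.
    $self->header_add(-cookie => $q->cookie(
        -name => $session->name, -value => $session->id, -httponly => 1));
}

sub main {
    my $self    = shift;
    my $session = $self->param('session');
    my $q       = $self->query;
    my $hits    = ($session->param('hits') || 0) + 1;
    $session->param(hits => $hits);
    # The ID travels only in the POST body, never in a link, so it does not
    # leak through Referer headers or web server access logs.
    return $q->start_form(-method => 'POST')
         . $q->hidden(-name => $session->name, -value => $session->id, -override => 1)
         . "Visits this session: $hits "
         . $q->submit('Continue')
         . $q->end_form;
}

sub teardown { shift->param('session')->flush }

1;
```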

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2