
Re: [cgiapp] CAP::Authentication & cookies


On Mon, 27 Mar 2006 15:08:08 -0500, Cees Hek wrote:

Hi Cees

> The system needs to be able to identify the user at the other end
> in one way or another.  That is most often done with cookies, and
> in the case of the Authen plugin, it offers the Session based or
> Cookie based way of tracking who the user is.  Unfortunately for
> you, as you have found out, both default to using cookies to track
> who the user is.

Why is that?

Is this documented?

Is it a defect in the design, even if deliberate?

> So really your only way out is to use the kludge method of passing

I object to the word kludge! Aren't we agreed that TMTOWTDI?

Surely it's personal preference, in that there's no one way which is best in
every circumstance.

> around the session ID in forms and URLs (or do some funky
> PATH_INFO/mod_rewrite stuff, or even switch to good ol' Basic
> Authentication that your web server provides).  Or do what I
> usually do and just ignore people that turn off cookies.  Why cater
> to a misguided minority that use a sledgehammer where a
> screwdriver would suffice...

As Steve Gibson says: It's MY computer! I.e.: Let the user do what they want.

But why choose a method which requires user intervention in the first place?

> It's possible that I might ruffle some feathers with that one as I
> am sure there are some people on the list that disable cookies by
> default.  If you do that, make sure you have the tools available to
> selectively turn on cookies where it makes sense.

Well, I never use cookies in my apps, so I don't care what the user chooses to
do by way of allowing/disallowing them.
--
Ron Savage
suppressed
http://savage.net.au/index.html


