Comments on: Life without cookies (or URL rewriting)

By: Chris

Chris — Wed, 22 Nov 2006 18:54:02 +0000

I love cookies / I HATE cookies.

Privacy aside, users on my site like to login as more than one user at the same time (They pay me so I cant say no). With session cookies this works fine in 2 seperate browsers, but if both are opened in the same browser instance (tabs or file|new) the cookies are shared and everything goes downhill from there…

By: david

david — Wed, 20 Sep 2006 11:41:13 +0000

The trouble with URL rewriting for session management is that bookmarks stop working (because your session is stale the next time you visit).

By: Mudgal

Mudgal — Wed, 20 Sep 2006 08:32:23 +0000

Well I personally find cookies a bit problematic but URL Rewriting is just wonderful things. Its kinda must for SEO and looks very neat.

By: Elliotte Rusty Harold

Elliotte Rusty Harold — Thu, 10 Nov 2005 22:24:20 +0000

Check out the comment system on http://cafe.elharo.com
No cookies and no URL rewriting

By: david

david — Fri, 14 Oct 2005 10:56:48 +0000

The main problem with AJAX is that many implementations break bookmarks and the back button, though I understand that there are workarounds available.

By: Sjoerd Visscher

Sjoerd Visscher — Fri, 14 Oct 2005 09:01:54 +0000

The solution is simple: use a single page which leaves the session on the client and interacts with the server using AJAX or similar technology.

By: Mark Baker

Mark Baker — Fri, 14 Oct 2005 03:26:34 +0000

“[...]violates the REST principle that n requests with the same URL should return the same object”

Hmm, I’m not exactly sure what you’re referring to there, but REST has no problem with GET requests to the same URL returning different things at different times, or as a function of information in the message itself (which is what the HTTP Vary header explicitly accomodates).

By: david

david — Fri, 14 Oct 2005 02:14:21 +0000

The authentication information is voluntarily supplied by the user. Increasingly, cookies can be handled the same way — I turn them off by default in Firefox, and then grant them (sparingly) on a case-by-case basis to individual sites — but that’s a little beyond the average browser user right now.

By: Henning Koch

Henning Koch — Fri, 14 Oct 2005 01:50:23 +0000

But why is it play to customize a page response when based on one part of the HTTP header (the user authentication) but not when based on another (the session ID in the cookie)?

By: david

david — Thu, 13 Oct 2005 22:17:03 +0000

Cookies have serious privacy issues (and many users block them), while URL rewriting messes up bookmarks.