|
|
Posted by Gordon Burditt on 11/29/06 01:00
>Most everyone uses cookies; it makes url's easier to manage and read.
Surfers do not unblock cookies "because it makes url's easier to
manage and read". Surfers do not manage URLs and only rarely read
them. They may unblock cookies but not for that reason. Webmasters
do not get to unblock cookies for surfers, except perhaps for making
the site unusable without them, in which case many surfers will
just leave.
>Another problem pops up when people who don't understand session ids
>(most everyone) sends a link to someone else - the session ID is
>transmitted too, and suddenly they're logged in on someone elses
>account.
Webmasters who don't time out sessions are asking for trouble here.
Although the problem can still exist, even a 2-hour timeout (restarted
every time a user reloads a page) can prevent a lot of problems with
URLs posted to USENET.
>phpBB uses cookies to store its session ids. However when you're
>logged into the admin control panel, the session id is stored in the
>url (and I would assume, the cookie too) this is presumably an
>additional security feauture.
>
>"As not everyone uses cookies, as they are so commonly used to track
>what sites
>a person visits, so cookie based sessions won't work for everyone."
>While there are certainly people who don't allow any cookies, these
>people are more than used to having websites not work. There is no
>reason to cater to a group like that.
>
Navigation:
[Reply to this message]
|