Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re^2: Another question about session-id

by Your Mother (Archbishop)
on Dec 16, 2007 at 19:59 UTC ( #657306=note: print w/replies, xml ) Need Help??

in reply to Re: Another question about session-id
in thread Another question about session-id

Amazon does both cookies and session ids in the path (and every URI on the page). As long as you are expiring these at the end of a "visit" and mixing in things like IP and user agent on the server side, this can work fine. Plus, with their model, they require a secure sign-in every time you perform account altering actions ("no" for putting something in the cart, "yes" for paying for something or changing an address).

If you do both, you can basically ignore whether or not the client supports cookies. Then again, cookies are so basic to web functionality today that I don't think the dual model is really justified compared to the extra overhead (URI rewriting) and complexity it adds.

  • Comment on Re^2: Another question about session-id

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://657306]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (3)
As of 2021-10-22 01:28 GMT
Find Nodes?
    Voting Booth?
    My first memorable Perl project was:

    Results (85 votes). Check out past polls.