> Just to reiterate - you should never pass variables that identify
> a certain user through forms or URLs.  If you do, you leave your
> system open for other people to copy those params and screw with
> other people's records.
>
> Use session variables.  You can store the session variables in
> the registry or in a database if you're worried about people not
> having cookies turned on, but I really wouldn't worry about the
> cookie-fearing types and the browsers that don't accept cookies.
> (God, do those browsers still exist?)

Mark,

So your sites require cookie acceptance for session management? That's okay
for controlled environments (e.g. intranets), but do you really turn away
public ecommerce shoppers who disable cookies?

I understand the problem with folks sharing links containing a session
token, but disabling URL tokens altogether poses quite a hit to a site's
bottom line. (Remember, you'll only hear about maybe 1 out of 20 users who
experience a problem with your cart, or who take issue with your "you must
use cookies" warning and leave, never to return.)

Cookie-phobia has been on the rise lately, thanks to the MSIE cookie-reading
hack (over-)publicized a couple of months ago. I'd be curious to see
statistics on the percentage of cookie-disabled browsers out there... anyone
got a link?

Just my 2 cents,
Ron

