RE: Cookie authentication

[Charles Day]

John,   We rolled out cookie authentication (Auth::Cookie) for our secured support website around Jan 2001 and we never received one complaint (and our people complain about everything:)   It seems you can't do anything online without having cookies turned on ( yahoo, bankone, huntington, ebay, etrade ) and I think internet users have accepted this.   Although Microsoft is doing it's best to screw this up:   http://abcnews.go.com/sections/scitech/TechTV/TechTV_IEflaw011109.html fix: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp   Charles         -----Original Message----- From: John Michael [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 3:02 PM To: [EMAIL PROTECTED] Subject: Cookie authentication This may seem off subject but, If you bare with me, I don't think it is.  I am interested in using the cookie based system referred to in the programming the apache api book but oftend wonder this. Can you count on everyone to use cookies.  It seems that some surfers are afraid of cookes are that maybe some browsers don't even handle them.  I wrote a mod perl script to do member traking in my members site to see what pages were being viewed the most and used cookies also to make sure that more than one person was not using a particular username and find that some people either arn't using a browser that uses cookies or do not have them turned on. What are your thoughts on this because I thought of implementing the token cookie system but did not because I was afraid I would loose members that did not have or use this feature. Can you legimately require surfers to have cookies turned on and do you know of many sites that do this successfully without loosing members. Thanks   John Michael