On Sat, Apr 22, 2000 at 02:28:44PM -0600, dreamwvr wrote:
> hi, most likely you will want to shut down cookies and use another
> method as per advisories that currently there is a problem with
> javascript and cookies when both enabled. b.t.w. exploder has simular
> problems so since javascript is nice to have cookies are a problem
> these days. besides most clueful users these days have cookies turned
> off..
OTOH, cookies give you instant-logout, just clear the cookie. URL
rewriting is nice and works everywhere, but it has its problems too:
. the back button logs ou back in (not nice if someone else can touch
your computer) (that's assuming we don't want to do a db check on
every page)
. e-mail a URL to someone else, and they're logged in as you
. if you tie it to an IP to prevent the above, you break dynamic cache
setups
IMO a nice way to get this done is to send a cookie with each page, so
by the time the user tries to log in, we know if cookies are on or not.
If they're on, send a cookie; if not, turn on URL rewriting.
As for JavaScript, don't get me started on sites that require it for
navigation....
--
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html
