At 05:43 PM 5/7/00 -0400, Greg Stark wrote:
>I've written some pretty heavy database driven sites that do some pretty
>complicated things and I've *never* found it really necessary to have a server
>side session database. In theory you might find it convenient to cache big
>complex data structures for the session, but in practice most people use it
>for storing things like usernames and shopping cart contents. 
>
>My suggestion is to put the state information in the cookie directly. Include
>a crypto hash (with a secret) to sign the cookie and be done with it. If the
>information is sensitive then encrypt the whole thing. 
>
>Then your sessions are completely stateless, they can migrate between mod_perl
>processes, even across servers. They can even survive server reboots. And they
>don't require additional infrastructure to store the database of sessions.
>
> ...

And with all the paranoia about cookies (not to forget attachments and
I_LOVE_YOUs) what do you do for all those people who have cookies disabled? 
I've always tried to support the user as well as possible whether cookies
are enabled or not - and I don't see how you would associate a
user-session with state-information in your case?

Cheers
  Tobias
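
The signed-cookie scheme quoted above, as an added example that is not code from either poster: the state is serialized into the cookie value and tagged with a keyed hash, and the server rejects any value whose tag does not verify. HMAC-SHA256, the JSON layout, the issue-time field with a one-hour limit, and all names here are assumptions made for illustration; the payload is signed but not encrypted, so it stays readable by the client.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to clients
MAX_AGE = 3600                       # assumption: a cookie is accepted for one hour


def _b64(data):
    # URL-safe base64 without padding, so the value is plain cookie-safe text.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(payload, secret):
    digest = hmac.new(secret, payload.encode("utf-8"), hashlib.sha256).digest()
    return _b64(digest)


def make_cookie(state, secret=SECRET, now=None):
    """Serialize state plus an issue time and append an HMAC-SHA256 tag."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"iat": issued, "state": state}, sort_keys=True)
    payload = _b64(body.encode("utf-8"))
    return payload + "." + _mac(payload, secret)


def read_cookie(cookie, secret=SECRET, now=None):
    """Return the state, or None if the cookie is forged, damaged or expired."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    # Check the tag before decoding anything, using a constant-time comparison.
    expected = _mac(payload, secret).encode("ascii")
    if not hmac.compare_digest(expected, tag.encode("utf-8")):
        return None
    body = json.loads(_unb64(payload))
    age = (time.time() if now is None else now) - body["iat"]
    # Without a time limit a captured cookie would stay valid indefinitely.
    if age < 0 or age > MAX_AGE:
        return None
    return body["state"]
```
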
