On Thu, 15 Nov 2001, John Michael wrote: > Date: Thu, 15 Nov 2001 14:02:04 -0600 > From: John Michael <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Cookie authentication > > This may seem off subject but, If you bare with me, I don't think it > is. I am interested in using the cookie based system referred to in > the programming the apache api book but oftend wonder this. Can you > count on everyone to use cookies. It seems that some surfers are > afraid of cookes are that maybe some browsers don't even handle them. > I wrote a mod perl script to do member traking in my members site to > see what pages were being viewed the most and used cookies also to > make sure that more than one person was not using a particular > username and find that some people either arn't using a browser that > uses cookies or do not have them turned on. What are your thoughts on > this because I thought of implementing the token cookie system but did > not because I was afraid I would loose members that did not have or > use this feature. Can you legimately require surfers to have cookies > turned on and do you know of many sites that do this successfully > without loosing members. Thanks > > John Michael
John, For what might be called "premium services," I believe it is justified to require user's to accept cookies. I've used cookie-based authentication on several sites that offer some special to the user, like a private view of data or something else that requires they identify themselves. That being the *only* thing I've ever required of users (e.g, I *never* require something like JavaScript, only using it to enhance the UI but always with alternatives), I think it's OK. If they don't want to use cookies, they don't have to use the service I'm providing. That being said, some people might not accept frivolous cookies myself just for reading a web page, but I'd imagine most don't even monitor such things. ky
