Jean-Michel Hiver <[EMAIL PROTECTED]> writes: > > However, if the structure were > > > > http://bigmegamarket.com/index.pl/56765454151/grocery/fruits/bananas, > > say, with the number being the session ID, the URL then is hackable > > within that (good) definition. > > Yes, however there are quite a number of issues with bookmarks and > search engines... But that's for sure another interesting and less-ugly > option.
Very true. I was solving only the stated problem, and didn't think much about the other problems that would then appear. > > I'm a big fan of cookies myself, for the thing they were made for, > > namely session tracking. I share your frustration :-(. > > Yep. It's a shame that cookies which were a good idea at first get such > a bad name because of all these moronic marketing companies which dream > of knowing you inside out to send you more shit spam abuse them. But I'm > off topic here :-) And that's all it is; a bad *name*. With the option to refuse to deliver cookies to a domain different from the domain of the top-level page, they have no actual problems. And they solve the problem they're supposed to solve nearly perfectly. Obviously for individual projects one has to do what the people with the checkbook say, but we shouldn't be just rolling over on cookies; we should be arguing the point strenuously. -- David Dyer-Bennet, [EMAIL PROTECTED] / New TMDA anti-spam in test John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net Book log: http://www.dd-b.net/dd-b/Ouroboros/booknotes/ New Dragaera mailing lists, see http://dragaera.info
