on 18/07/02 11:38 PM, PHPCoder ([EMAIL PROTECTED]) wrote:

> What are the general feeling out there amongst developers about the use
> of cookies?

If you want to assure that you maintain session across the whole site,
appealing to the lowest common denominator, then hard code the SID to all
relative URLs across the whole site, or write a URL function which you can
just pass variables:

<A HREF="<?=link('page.php?stuff=things')?>">Click here</a>

> I'm concerned about the following scenario specifically:
> I develop my great application using session controll - which uses
> cookies by default, or alternatively adds the sid to the relative URL's
> on the page, YET, from responses to my previous posting, I gather that
> the "alternative" url method is not 100% the same as the cookie method
> inthat it doesn't work with IFRAMES etc.

I should've clarified that statement a bit... I had a dig through the PHP
source, trying to figure out what they were doing, and amongst the tags I
*think* they were searching for, I couldn't see IFRAMEs... perhaps what they
were doing with FRAME covered it -- I didn't dig deep enough, and haven't
recompiled to test.

> Leaving me to think that there
> will potentially be people out there that will NOT be able to use the
> application, that could lead to messy discussions between developer and
> client...

Yup.  Developer should perhaps offer the two alternatives, clearly outline
the difference, and make an estimate of the difference in cost.  Let THEM
decide if losing 1% (or 5%, or 10% -- whatever) of their users is
acceptable, rather than resting it upon your shoulders.

Same argument stands for relying on javascript, IFRAMEs, FRAMEs, whatever.

> Before I started to read up on sessions, I simply used my own form of
> session management by sending all relevant variables either via URL or
> via form fields to the subsequent pages. Obviously this method leaves a
> bunch of holes as well, but I KNOW that my application is always pure
> and simple HTML, doesn't have browser issues, doesn't have cookie
> issues, so 100% of the internet community can use it.

Well, if you're used to passing stuff around in a URL, then why not:

a) run some tests with enable-trans-sid
b) develop a method you're comfortable with for passing SIDs around in the

> Does anyone out there have a view/practise when it comes to
> session/cookies? - basically I am still not convinced that using
> sessions/cookies is a good idea, but I would love to be educated as to
> why I should...

If you want 100% accessability, forget cookies were ever invented :)
While you're erasing stuff from your brain, throw out javascript too :D

Justin French
Creative Director

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to