Hi José, > > http://picolisp.com/53823/59880452264949525~-2-1h.html based on > ... > And this is why putting session data in the URL is a terrible practice, > correct link: http://picolisp.com/5000/-2-1h.html
I know your criticism of the URL strategy in PicoLisp, but I don't agree completely with you. The main purpose of an URL is not to copy/paste it, and usually mistakes like the above one can be easily avoided. I like, however, the advantages this strategy offers: - A clear correlation between browser window and session. No invisible magic (cookies) stored somewhere in the guts of the browser. - You can have several different sessions to the same application in a single browser (e.g. logging in as different users with different permissions), and see and control the sessions via their URL - You can see in the URL whether you are logged in or not, and distinguish between the individual sessions. In effect, the session is local to the window or tab, and not global in the browser. - The browser's "Back" button works also across sessions. That is, you can switch in the history back and forth between session-pages and non-session-pages (within the session's timeout period, of course), and always find yourself the correct environment. - You can "port" a session to another browser. I'm using at least two browsers most of the time, vimperator and w3m. - You can use external tools or processes to access data in the session. - There is also a security aspect. With cookie solutions I often saw it happen that I started the browser, connected to the app, and found that I was still logged in, because I forgot the last time to explicitly log out. - And, last but not least: Applications work also when cookies and JavaScript are disabled. Cheers, - Alex -- UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe
