> > http://picolisp.com/53823/59880452264949525~-2-1h.html based on
> And this is why putting session data in the URL is a terrible practice,
> correct link: http://picolisp.com/5000/-2-1h.html
I know your criticism of the URL strategy in PicoLisp, but I don't agree
completely with you.
The main purpose of an URL is not to copy/paste it, and usually mistakes
like the above one can be easily avoided.
I like, however, the advantages this strategy offers:
- A clear correlation between browser window and session. No invisible
magic (cookies) stored somewhere in the guts of the browser.
- You can have several different sessions to the same application in a
single browser (e.g. logging in as different users with different
permissions), and see and control the sessions via their URL
- You can see in the URL whether you are logged in or not, and
distinguish between the individual sessions. In effect, the session is
local to the window or tab, and not global in the browser.
- The browser's "Back" button works also across sessions. That is, you
can switch in the history back and forth between session-pages and
non-session-pages (within the session's timeout period, of course),
and always find yourself the correct environment.
- You can "port" a session to another browser. I'm using at least two
browsers most of the time, vimperator and w3m.
- You can use external tools or processes to access data in the session.
- There is also a security aspect. With cookie solutions I often saw it
happen that I started the browser, connected to the app, and found
that I was still logged in, because I forgot the last time to
explicitly log out.
- And, last but not least: Applications work also when cookies and