Hi José,

> > http://picolisp.com/53823/59880452264949525~-2-1h.html based on
> ...
> And this is why putting session data in the URL is a terrible practice,
> correct link: http://picolisp.com/5000/-2-1h.html

I know your criticism of the URL strategy in PicoLisp, but I don't agree
completely with you.

The main purpose of an URL is not to copy/paste it, and usually mistakes
like the above one can be easily avoided.

I like, however, the advantages this strategy offers:

- A clear correlation between browser window and session. No invisible
  magic (cookies) stored somewhere in the guts of the browser.

- You can have several different sessions to the same application in a
  single browser (e.g. logging in as different users with different
  permissions), and see and control the sessions via their URL

- You can see in the URL whether you are logged in or not, and
  distinguish between the individual sessions. In effect, the session is
  local to the window or tab, and not global in the browser.

- The browser's "Back" button works also across sessions. That is, you
  can switch in the history back and forth between session-pages and
  non-session-pages (within the session's timeout period, of course),
  and always find yourself the correct environment.

- You can "port" a session to another browser. I'm using at least two
  browsers most of the time, vimperator and w3m.

- You can use external tools or processes to access data in the session.

- There is also a security aspect. With cookie solutions I often saw it
  happen that I started the browser, connected to the app, and found
  that I was still logged in, because I forgot the last time to
  explicitly log out.

- And, last but not least: Applications work also when cookies and
  JavaScript are disabled.

- Alex
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to