Hi Alex,

>> > http://picolisp.com/53823/59880452264949525~-2-1h.html based on
>> ...
>> And this is why putting session data in the URL is a terrible practice,
>> correct link: http://picolisp.com/5000/-2-1h.html
> I know your criticism of the URL strategy in PicoLisp, but I don't agree
> completely with you.

I agree with José, I think the URL handling in PicoLisp is broken.

> The main purpose of an URL is not to copy/paste it, and usually
> mistakes like the above one can be easily avoided.

Copy and pasting URL is one of the most important features.  It should
uniquely identify a resource after all.  In this case it completely
failed to identify the wiki page.

One consequence I have seen on this mailing list is that people very
rarely link to pages but rather describe in words how to find the

> I like, however, the advantages this strategy offers:

There are several ways to keep track of sessions, each with advantages
and disadvantages.

What you didn't mention for example, is that keeping session in the URL
makes it visible to all sorts of middle men and logged who knows where.
It's certainly not concern for the kind of applications PicoLisp is used
to implement but it is a certain flaw one should keep in mind.

A problem with cookies might be that they are legaly problematic under
the German law because of abuses and privacy issues.

On the whole, if PicoLisp implements this strategy using session in the
URL, it should also include a fallback that would cope with expired
sessions and identify correct pages.  We had the discussion some time
ago.  This fallback might have to be application specific thing so maybe
the wiki software is broken from this point of view, not sure.


UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to