Hey Man, Yes, cookies can be disabled. So don't rely on a 100% return in your coding investment.
But most every modern Browser has separate settings for regular Cookies and Session Cookies now - because Session Cookies are so important to dynamic Web Applications. Every major Web development platform on the market uses session-cookies for hooking Session management to user variables, including Tango, Witango, ColdFusion, JSP, ASP, ASP.NET, PHP, Lasso, Python, WebObjects, etc.... It's just the terminology you have to watch for. Some browsers will refer to these as "per-session", "session", "cookies for the originating website only", or "only cookies that get sent back to the originating server". <@userreferenceargument> gets you around the possibility that someone might disable everything, in which case you have to use in every single link in your system. But <@userreferenceargument> also introduces some security issues too (another List thread, covered many times before...). Not that I'm recommending it to anyone, but personally I rarely use <@userreferenceargument> in my applications, and for the last few years it has been EXTREMELY rare that it has been an issue with my users. Cheers.... Scott Cadillac, Witango.org - http://witango.org 403-281-6090 - [EMAIL PROTECTED] -- Information for the Witango Developer Community --------------------- XML-Extranet - http://xml-extra.net 403-281-6090 - [EMAIL PROTECTED] -- Well-formed Development (for hire) --------------------- -----Original Message----- From: witango man [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 10:19 PM To: [EMAIL PROTECTED] Subject: Re: Witango-Talk: cookies >> It reminds me alot of hidden args but cooler, more flexible and actualy >> hidden hehe... Yes but you might want to bear in mind that users have the ability to switch cookies off. (People like the cookie monster when he was in rehab) On this note.... This would include session cookies too...which is why it can be a good idea to include <@userreferenceargument> at the end of each hyperlink and form action.....I always include and recommend it (especially in the case of Tango2000) and find it brings more peace of mind - it's one less thing to check when bug fixing an app (for Sesame Street clients). Atrix Wolfe <[EMAIL PROTECTED]> wrote: Very cool stuff I can see how when the browser requests the page it also passes all the values of the cookies. It reminds me alot of hidden args but cooler, more flexible and actualy hidden hehe... Thanks for the info you guys (: ----- Original Message ----- From: "Scott Cadillac" To: Sent: Wednesday, July 30, 2003 7:54 PM Subject: RE: Witango-Talk: cookies Hi Atrix, The passing of cookie assignments and values is done inside the HTTP Headers, which are used by the Browser and Web Servers to communicate your URL requests and webpage responses. Typically the HTTP Headers are hidden from view by most Browsers (and Users), and not easily see even by web developers. You need a tool like http://www.httpsniffer.com/ to see the Headers and to watch Cookies in action. It's well worth the time to set up to fully appreciate what is happening in the hidden background. In addition to what Ben said about Session Cookies > Without specifying the EXPIRES attribute > this is a SESSION cookie (kinda of like > Local/Request Scope) when you leave the > domain that dropped the cookie the > HELLO=THERE; will be deleted from the > Cookie Jar. These cookies are not saved to any local Folders or harddrive, and only reside in memory during the current Browser window session (a virtual cookie-jar). These cookies only pass back their data to the Domain that assigned them, so they are safe from capture by all other domains. Which is why Session Cookies are not considered the same thing as regular cookies, because regular cookies can be captured by other sites. Regular Cookies are what those Marketing guys with the annoying popup adds are using. In the same Browser window session (regardless of Browser brand), if you cruise to another site the Session Cookie is temporarily unavailable to anybody else - but if you come back to the site that assigned it, it will be available again to pass back. Once you close the Browser window that was used for "containing" these Session cookies - the cookies are purged from memory automatically. The Witango <@USERREFERENCE> is a unique Session key and is stored as a Session Cookie, called either "Tango_UserReference" or "Witango_UserReference". That's why, when you close your Browser windows right after logging into a website, and then reopen a new Browser session - you have to log back in, even though you only logged in a moment ago. Because the "unique" Session key has been lost and new unique key has to be generated. Hope this adds to Ben's Excellent Cookies (catchy name, eh). Cheers.... Scott Cadillac, Witango.org - http://witango.org 403-281-6090 - [EMAIL PROTECTED] -- Information for the Witango Developer Community --------------------- XML-Extranet - http://xml-extra.net 403-281-6090 - [EMAIL PROTECTED] -- Well-formed Development (for hire) --------------------- ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
