Thank you John,

Actually, your analogy is pretty good.

Just include how the driver understands a car can be hotwired and stolen - so their thinking that unhooking the battery prevents the car from being stolen is wrong. It's not the battery's fault the car can be stolen. Obviously the problem is somewhere else.

Cheers...

Scott Cadillac,
XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
------------
Well-formed Programming in C# ASP.NET, Witango and XML
For Hire ~ http://xmlx.ca/forhire
------------
IExtranet ~ http://IExtranet.net
------------
Weblog ~ http://xmlx.ca
Forums ~ http://forums.xmlx.ca
Knowledge Base ~ http://kb.xmlx.ca
------------
P.O. Box 69006
RPO Bridlewood SW
Calgary, Alberta
Canada T2Y 4T9

-----Original Message-----
From: John McGowan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 13 Oct 2004 08:25:04 -0500
Subject: Re: Witango-Talk: Cookies

> Listen to Scott on this one. If you can educate just one user that turning session cookies back on isn't going to blow up their computer or get their credit card stolen then our society becomes one step closer to nirvana.
>
> If you were an auto dealer and a customer brought their car in and said they didn't "like to have the battery plugged in", but wanted to know why they couldn't start their car, would you install a hand crank for them to start their car?
>
> I know... It's a weak analogy... :)
>
> /John
>
> Scott Cadillac wrote:
>
> >Hi Steve,
> >
> >If you recall, the point and the conclusion on that long discussion was "security" - if a user has session-cookies disabled, then so be it. Just display a message telling them to turn it back on before allowing them to proceed (provide instructions).
> >
> >This is the most secure way to handle session management for any web platform (SSL is a different matter).
> >
> >The issue is about security - why compromise security for user convenience. Giving them convenience now just delays more serious problems until a later date.
> >
> >----
> >Yes, additional user variables may be assigned on the Server because of missing session-cookies. Unfortunately, it is one down-side to pay for better security for your visitors.
> >
> >-----
> >As for testing for cookies, writing a bit of code for this is not difficult - but keep in mind there is a difference between "session" cookies and regular cookies, and that most every modern browser has settings for both kinds (and that some browsers use different terminology to describe these two kinds of cookies).
> >
> >Hope this helps. Cheers....
> >
> >-----Original Message-----
> >From: "Fogelson, Steve" <[EMAIL PROTECTED]>
> >To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
> >Date: Tue, 12 Oct 2004 15:40:48 -0500
> >Subject: Witango-Talk: Cookies
> >
> >>I have built my shopping cart application without <@userreference> tag at the end of each url. It seemed after all the discussion about a year ago that this was the way to go. Especially with search engine spiders and hijacked sessions.
> >>
> >>I talked to one of our online customers today and discovered that he was being assigned a new session id every time he added an item to his cart.
> >>
> >>I'm trying to figure out a strategy for handling customers that have disabled cookies, besides requiring them to sign in when entering the site.
> >>
> >>Is there a way to check to see if they have cookies disabled?
> >>
> >>Any ideas on how to handle customers that have disabled cookies?
> >>
> >>I am also concerned about all the user variables being created for this type of customer. Thanks in advance for your help.
> >>
> >>Steve Fogelson
> >>Internet Commerce Solutions
> >>
> >>________________________________________________________________________
> >>TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
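
An added example, not part of the original thread and not Witango code: one way to implement the cookie check discussed above, sketched in Python as a pure request handler. The names `handle`, `probe`, `sid` and `cookiecheck` are assumptions made for this illustration; server-side state is allocated only after a cookie has round-tripped, and the session id is never carried in the URL.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

PROBE_COOKIE = "probe"        # hypothetical name: proves cookies round-trip
SESSION_COOKIE = "sid"        # hypothetical name: the real session id
CHECK_PARAM = "cookiecheck"   # hypothetical marker for the second request
SESSIONS = {}                 # session id -> cart items (in-memory, demo only)
ENABLE_MSG = ("Session cookies are disabled in your browser. "
              "Please enable them and reload this page to continue.")

def cookie(name, value):
    # No Expires/Max-Age attribute, so the browser treats it as a
    # session cookie and discards it when the browser closes.
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"

def handle(path, query="", cookie_header=""):
    """Return (status, headers, body) for one request."""
    jar = SimpleCookie(cookie_header)
    params = parse_qs(query)
    sid = jar[SESSION_COOKIE].value if SESSION_COOKIE in jar else None

    # Only ids this server issued are honoured; an unknown id supplied
    # by the client is ignored rather than adopted.
    if sid in SESSIONS:
        return 200, [], f"cart: {len(SESSIONS[sid])} item(s)"

    if CHECK_PARAM in params:
        if PROBE_COOKIE not in jar:
            # The probe did not come back: show instructions and create
            # no server-side variables. Re-send the probe so a reload
            # succeeds once the user has enabled session cookies.
            return 403, [("Set-Cookie", cookie(PROBE_COOKIE, "1"))], ENABLE_MSG
        sid = secrets.token_urlsafe(32)   # fresh, server-chosen id
        SESSIONS[sid] = []
        return 302, [("Location", path),
                     ("Set-Cookie", cookie(SESSION_COOKIE, sid))], ""

    # First contact: send the probe and bounce the browser once.
    return 302, [("Location", f"{path}?{CHECK_PARAM}=1"),
                 ("Set-Cookie", cookie(PROBE_COOKIE, "1"))], ""
```

A visitor with session cookies disabled stops at the instructions page and leaves nothing in `SESSIONS`, which also addresses the concern about user variables piling up for cookieless visitors.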
