Re: Witango-Talk: Cookies

[Rick Sanders]

Hey Steve,
The only way you can do it is to grab an Active X object, and install it to 
the user's browser "Downloaded Prrograms" folder. Then, the Active X control 
can read the user's settings and send the results back to you.

Since it's an individual setting per user, you have to have something on the 
client's machine to tell you if cookies are disabled or not.

You can check for the existance of the cookie on a page following the one 
you assigned the cookie as a work-around. But, unless the user changes the 
page, you won't know.

From your original post, I understand that you don't want to use the 
<@USERREFERENCEARGUMENT> in your links for fear of a search engine spidering 
that link.

I have the <@USERREFERENCEARGUMENT> tag in my links, and fairly high search 
engine rankings in different engines. However, none of the search engines, 
including Google has spidered the session ID:
http://www.google.ca/search?hl=en&q=webenergy&meta

Rick Sanders

Thanks for all the comments guys. I was thinking along the lines of Scott. 
I
was wondering if there was a way to check to see if cookies were enabled. 
I
was just going to let them know and not let them continue until cookies 
were
invoked.

How would this affect search engine spiders? Maybe I need to let them
continue (and just notify them that the shopping cart will not retain 
their
selections) or the spiders will not get their work done. Any comments?

I like the idea of providing instructions for them.
Now I need to figure out how to check for cookies. Thanks Ben for the 
link.

Thanks
Steve
-----Original Message-----
From: John McGowan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 13, 2004 8:25 AM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: Cookies
Listen to Scott on this one.  If you can educate just one user that
turning session cookies back on isn't going to blow up their computer or
get their credit card stolen then our society becomes one step closer to
nirvana.
If you were an auto dealer and a customer brought their car in and said
they didn't "like to have the battery plugged in", but wanted to know
why they couldn't start their car,  would you install a hand crank for
them to start their car?
I know... It's a weak analogy...   :)
/John
Scott Cadillac wrote:
Hi Steve,
If you recall, the point and the conclusion on that long discussion was
"security" - if a user
has session-cookies disabled, then so be it. Just display a message 
telling
them to turn it
back on before allowing them to proceed (provide instructions).
This is the most secure way to handle session management for any web
platform (SSL is a
different matter).
The issue is about security - why compromise security for user 
convenience.
Giving them
convenience now just delays more serious problems until a later date.
----
Yes, additional user variables may be assigned on the Server because of
missing session-
cookies. Unfortunately, it is one down-side to pay for better security for
your visitors.
-----
As for testing for cookies, writing a bit of code for this is not 
difficult
- but keep in mind
there is a different between "session" cookies and regular cookies, and
that most every modern
browser has settings for both kinds (and that some browsers use different
terminology to
describe these two kinds of cookies).
Hope this helps. Cheers....
Scott Cadillac,
XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
------------
Well-formed Programming in C# ASP.NET, Witango and XML
For Hire ~ http://xmlx.ca/forhire
------------
IExtranet ~ http://IExtranet.net
------------
Weblog ~ http://xmlx.ca
Forums ~ http://forums.xmlx.ca
Knowledge Base ~ http://kb.xmlx.ca
------------
P.O. Box 69006
RPO Bridlewood SW
Calgary, Alberta
Canada T2Y 4T9

-----Original Message-----
From: "Fogelson, Steve" <[EMAIL PROTECTED]>
To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
Date: Tue, 12 Oct 2004 15:40:48 -0500
Subject: Witango-Talk: Cookies

I have built my shopping cart application without <@userreference> tag
at
the end of each url. It seemed after all the discussion about a year
ago
that this was the way to go. Especially with search engine spiders and
hijacked sessions.
I talked to one of our online customers today and discovered that he
was
being assigned a new session id every time he added an item to his
cart.
I'm trying to figure out a strategy for handling customers that have
disabled cookies, besides requiring them to sign in when entering the
site.
Is there a way to check to see if they have cookies disabled?
Any ideas on how to handle customers that have disabled cookies?
I am also concerned about all the user variables being created for this
type
of customer. Thanks in advance for your help.
Steve Fogelson
Internet Commerce Solutions
_______________________________________________________________________
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf


________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf