On 3/18/05 11:33 AM, "Robert Shubert" <[EMAIL PROTECTED]> wrote:
> Roland,
>
> You might want to devise a way of adding the userreference to the URL
> (links, etc) only when the session cookie is not available.
It's always available in witango, even when the browser doesn't accept it.
>This would
> limit the userreference exposure to only those that require it, and
> would reduce bookmarking/session hijacking from having it in the url all
> the time.
>
> You could also pass your own unique user identifier in the url. Ignore
> it when the session cookie is there to do its job, but if it's missing,
> use your ID to access domain level vars or recreate the user var scope.
> Or to simply use in your tracking software.
>
> Personally I would probably just put up an error that we don't permit
> non-session cookie users to make use of the site. But that would depend
> on the kind of site and how many people that would aggravate.
The challenge is to find the condition or event that would enable you to put
up such a notice.
>
> Isn't it also true that many robots/spiders don't use cookies? I know
> the better ones support them, but not all I don't think. So you might be
> seeing these in your logs.
Most don't seem to, but we can identify them because they are "bot" or
"slurp" in their signatures.
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
