Loading ...
Sorry, an error occurred while loading the content.

Re: AW: Two suggestions

Expand Messages
  • Josh Chamas
    ... I believe the functionality should stay this way in part because of what it can do currently that it would not be able to do otherwise. There is an
    Message 1 of 2 , Apr 11, 2003
    • 0 Attachment
      Uwe Riehm wrote:
      > Hi Josh,
      >
      > I think I didn't explain very well what I meant because I guess you misunderstood me.
      > I know and have already tested this SessionQueryForce setting which works very well.
      > In general I like the way Apache ASP is using to store the session id information, which
      > means if the user accepts a cookie it is stored there and if not it is stored in the urls
      > by parsing the scripts.
      > BUT: if a user declines to accept cookies it is stored in the urls and additionally every time
      > the user clicks on one of those links / urls inside a script and calls another script a
      > new cookie is tried to set. And this is the thing that can be very annoying - at least if
      > the user wants to be informed about every cookie that is set on his computer.
      > Therefore my idea / suggestion was to just set a cookie once - when the session is started
      > and afterwards just take the seesionid from the cookie sent back or take it from the url.
      > If you have a look at what Apache ASP does if it can sucessfully send a cookie: it does not
      > send it anymore later on in the same session!

      I believe the functionality should stay this way in part because of what
      it can do currently that it would not be able to do otherwise. There is
      an important usage that some might be using ( I certainly have ), where they
      need to link the session-id into the URL explicitly to work around times
      when browsers lose cookies. IE in particular will *sometimes* drop session
      cookies when using frames or javascript popup windows, and the only way to
      get the session to persist across these frames or popups is to explictly
      link the session-id into the URL. In the new window/frame, the session
      cookie is restored with the current functionality.

      So, I am reluctant to change how it works now because it serves a useful
      purpose. So if you really don't want your users to deal with cookies at
      all, I would recommend using SessionQueryForce parameter which was designed
      for this purpose.

      Regards,

      Josh

      ________________________________________________________________
      Josh Chamas, Founder phone:925-552-0128
      Chamas Enterprises Inc. http://www.chamas.com
      NodeWorks Link Checking http://www.nodeworks.com


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    Your message has been successfully submitted and would be delivered to recipients shortly.