Re: AW: Two suggestions
- Uwe Riehm wrote:
> Hi Josh,I believe the functionality should stay this way in part because of what
> I think I didn't explain very well what I meant because I guess you misunderstood me.
> I know and have already tested this SessionQueryForce setting which works very well.
> In general I like the way Apache ASP is using to store the session id information, which
> means if the user accepts a cookie it is stored there and if not it is stored in the urls
> by parsing the scripts.
> BUT: if a user declines to accept cookies it is stored in the urls and additionally every time
> the user clicks on one of those links / urls inside a script and calls another script a
> new cookie is tried to set. And this is the thing that can be very annoying - at least if
> the user wants to be informed about every cookie that is set on his computer.
> Therefore my idea / suggestion was to just set a cookie once - when the session is started
> and afterwards just take the seesionid from the cookie sent back or take it from the url.
> If you have a look at what Apache ASP does if it can sucessfully send a cookie: it does not
> send it anymore later on in the same session!
it can do currently that it would not be able to do otherwise. There is
an important usage that some might be using ( I certainly have ), where they
need to link the session-id into the URL explicitly to work around times
when browsers lose cookies. IE in particular will *sometimes* drop session
get the session to persist across these frames or popups is to explictly
link the session-id into the URL. In the new window/frame, the session
cookie is restored with the current functionality.
So, I am reluctant to change how it works now because it serves a useful
purpose. So if you really don't want your users to deal with cookies at
all, I would recommend using SessionQueryForce parameter which was designed
for this purpose.
Josh Chamas, Founder phone:925-552-0128
Chamas Enterprises Inc. http://www.chamas.com
NodeWorks Link Checking http://www.nodeworks.com
To unsubscribe, e-mail: asp-unsubscribe@...
For additional commands, e-mail: asp-help@...