RE: Is it OK to require per-session cookies?

Hello Jonas,

> -----Original Message-----
> From: www-html-request@w3.org [mailto:www-html-request@w3.org]On Behalf
> Of Jonas Jørgensen
> Sent: Sunday, November 25, 2001 3:38 PM
> To: www-html@w3.org
> Subject: Is it OK to require per-session cookies?
>
>
> Hi.
>
> A quick question: Do you think it's acceptable for e-commerce sites
> to require per-session cookies? It is so much easier to track users with
> a session cookie than to put the session id in every link and form...
>
> /Jonas

Personally I think it isn't.

For instance, in Germany, where I live, the *government* (to be more
precise, the "Bundesamt für Sicherheit im Internet" (security in the
internet)) recommends that users disable Cookies and JavaScript for security
reasons.
http://www.bsi.bund.de/fachthem/sinet/sinet1.htm (German)

In Germany, there already is a "schwarze Liste" ("black list") of those bad
sites that are only usable by users that do not care about security.
http://www.aktiv.org/DVD/Schwarze%20Liste/start.html

The German government itself has some sites that require activated
JavaScript and Cookies, and they announced that they will change all their
sites so they work perfectly without Cookies and JavaScript.


Amazon is a good example of intelligent use of Cookies. You can shop perfectly
well at Amazon.de (I don't know whether this is also true for Amazon.com)
without Cookies. You only need Cookies for some Cookie based extra features,
like storing login information so login isn't required.



I have experience using session ids by URL rewriting in Perl, PHP, Java
Servlets and JSP, and in none of them is URL rewriting or hidden form field
usage complicated.
If you use Perl, PHP, Java Servlets or JSP, you may post me your code and I
will show you how to include URL rewriting for adding session ids.

Greetings

Christian

Received on Sunday, 25 November 2001 10:19:51 UTC