- From: Jonas Jørgensen <jonasj@jonasj.dk>
- Date: Sun, 25 Nov 2001 19:47:58 +0100
- To: www-html@w3.org
Christian Wolfgang Hujer wrote: > > > A quick question: Do you think it's acceptable to for e-commerce sites > > to require per-session cookies? It is so much easier to track users with > > a session cookie than to put the session id in every link and form... > > Personally I think it isn't. > > For instance, in Germany, where I live, the *government* (to be more > precise, the "Bundesamt für Sicherheit im Internet" (security in the > internet)) recommends users to disable Cookies and JavaScript for security > reasons. > http://www.bsi.bund.de/fachthem/sinet/sinet1.htm (German) Really? Even per-session cookies? I can easily understand why people are scared of cookies stored on their hard disks, but aren't per-session cookies completely harmless? > I have experience using session ids by url rewriting in Perl, PHP, Java > Servlets and JSP, and in none of them URL rewriting or hidden form field > usage is complicate. > If you use Perl, PHP, Java Servlets or JSP, you may post me your code and I > will show you how to include URL rewriting for adding session ids. Unfortunately I have to use ASP. :-( /Jonas
Received on Sunday, 25 November 2001 13:48:05 UTC