NYCPHP Meetup

[Hans Zaunere]

David Mintz wrote:

> Do you guys use URL rewriting to ensure that the session id is propagated
> from page to page even if the user refuses your cookie?

Although probably not very popular, if I need sessions I use cookies.  If I detect the user doesn't have cookies enabled, I present a pleasant notice saying so :)

> I've read somewhere that it can cause 'confusion' or 'problems' if the
> user bookmarks a URL with a session id in the query string, and tries to
> access the page after the session is over, but those readings did not say
> whether you should really worry about it or what the worst case scenario
> is.

Sure, this could happen; the impact on your site's data is dependant on the backend logic, though.  If someone bookmarks, or send a URL to a friend, they are effectively using the same session.

> I've been to sites that say "you must accept a cookie..." but that seems
> kind of authoritarian, not to mention geeky (-:

:)


H