Jay Jacobs <[EMAIL PROTECTED]> wrote:
> So as I see it there are essentially 2 *mostly* reliable ways, cookies
> and url-rewriting. Both have drawbacks and neither are 100%. There
> really isn't a way to cross-reference anything else (IP or login) becuase
> there are valid reasons for a user to come from multiple ip addresses
> during a session (albeit rare), and sessions may be needed without
> requiring a user to login.
> It also doesn't make sense to try to rely on both cookies and
> url-rewriting, that would just get sloppy and waste time. The only thing
> to do is to pick one or the other and deal with the drawbacks associated
> with that...
Why wouldn't it make sense? Some users have cookies turned off, then
you just send them a rewritten URL. That's what I do now: send a
session cookie with every request. If I got a session cookie from the
client, then that's it; if not, I also add the session data at the end
of the internal links.
--
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html
