>>>>> "Gunther" == Gunther Birznieks <[EMAIL PROTECTED]> writes:

Gunther> There's a lot of similar FUD about using cookies (not accepted on
Gunther> PDAs, people scared of them, etc). Personally, I don't like to program
Gunther> using cookies and I have my browser explicitly warn me of the cookie
Gunther> before accepting (which does slow down my browsing experience but is
Gunther> most interesting), but the reality is that shedloads of sites use
Gunther> them to enhance the user experience but don't make it a problem if
Gunther> they don't go and use them.

I'm fine with requiring and using cookies for short-term session
management, but for long term authentication, they presume "one user
== one browser", and that's patently false.

If you must use them for long term identification, make it very clear
that I'm "logged in", and give me a quick way to "log out", and let me
"log in" from a different browser, and automatically "log me out"
after 4 hours or so in case I forget. :) And don't do that merely by
browser cookie expiration... make the server distrust any cookie after
that time, which means you have to generate a unique cookie on each
login.

Gunther> Speaking of which, I guess the non-use of Cookies and
Gunther> JavaScript would make a great NY Resolution...

What does New York have to do with it? :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
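
The server-side expiry described in the message above, as an added example that is not part of the original post: each login gets its own random cookie value, and the server rejects it after four hours no matter what expiration the browser holds. `SessionStore`, its method names, the in-memory dict, and storing only a digest of the token are assumptions made for illustration.

```python
import hashlib
import secrets
import time

MAX_AGE = 4 * 60 * 60  # server-side lifetime in seconds ("4 hours or so")


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # sha256(token) -> (user, issued_at)

    @staticmethod
    def _key(token):
        # Assumption beyond the message: keep only a digest, so a leaked
        # session table does not hand out usable cookie values.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        """Issue a fresh, unpredictable cookie value for this login."""
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, self._clock())
        return token

    def validate(self, token):
        """Return the user, or None if the cookie is unknown or too old."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, issued_at = entry
        # The server's own clock decides, not the cookie's Expires value.
        if self._clock() - issued_at > MAX_AGE:
            del self._sessions[key]
            return None
        return user

    def logout(self, token):
        """Explicit log out: revokes this browser's session only."""
        self._sessions.pop(self._key(token), None)


if __name__ == "__main__":
    store = SessionStore()
    home, work = store.login("alice"), store.login("alice")  # two browsers
    store.logout(home)
    print(store.validate(home), store.validate(work))
```

Because every login creates a separate entry, the same user can be logged in from several browsers and logging out of one leaves the others valid until their own four hours run out.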
