To Cookie or NOT to cookie, THAT is the question
Message
To: Joel Hokanson, Services Integration Group, Bellaire, Texas, United States
22/08/2003 12:25:40
General information
Forum: Visual FoxPro
Category: West Wind Web Connection
Miscellaneous
Thread ID: 00822654
Message ID: 00826351
Views: 27
Hi Joel,

>What is the “BEST” way to maintain state (user ID) in my application????

There is no best way. Basically there are 4 approaches. Cookies, session cookies, querystring parameters and URL based IDs.

a) Cookies are definitely the worst way as they are blocked by proxies, firewalls, browsers and users. So we skip them.

b) Session cookies (or browser cookies, as Claude called them) are cookies that have no expiration date set. Those cookies are kept in memory only and persist only throughout the duration of the browser session. IE has an option to explicitly allow these types of cookies but disable all others. You have a much better chance of maintaining session this way, even though there's no guarantee that the user accepts a cookie. A very important rule is to only send the cookie ONCE, do not send it on every request, but only when the user didn't send the cookie in. This way you only prompt the user once to accept cookies if his or her browser is set to prompt.

c) QueryString parameters are rarely filtered out. The biggest difficulty is that you must ensure that every link in your HTML document carries this parameter, otherwise the chain is broken and a new session starts. The other big issue is that search engines commonly ignore all URLs that contain a query string or only accept those that have two or fewer parameters. So using a querystring might reduce the site's visibility.

d) ASP.NET and some other tools incorporate the querystring into the URL. Until search engines kept up, this solution offers the advantages of c), but doesn't share the search engine issue. You still have to include the proper ID in every link. ASP.NET does this automatically, but for a VFP based solution this is often impossible due to performance reasons. In addition, you need a webserver that can handle this. In IIS, for instance, you have to disable the "Check if page exists" option when using script mapping. While it allows you to process such requests, it also disables a lot of IIS security features. Which means you have to handle authentication, etc. yourself.

Christof
--
Christof
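
The "send the session cookie only once" rule from b), combined with the querystring fallback from c), as an added example that is not part of the post above or of Web Connection. It is a language-neutral sketch in Python; the names `sid`, `resolve_session`, `add_sid` and the in-memory `store` are assumptions, and IDs the server did not issue are rejected so a client-supplied value cannot become a session.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SID = "sid"  # hypothetical cookie / querystring parameter name


def resolve_session(cookie_header, query_string, store):
    """Return (session_id, set_cookie_value_or_None, source).

    store is the set of session IDs this server has issued (assumed to be
    a database or table in a real application).
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if SID in jar and jar[SID].value in store:
        # Browser returned our cookie: do not send it again.
        return jar[SID].value, None, "cookie"

    sid = dict(parse_qsl(query_string or "")).get(SID)
    if sid in store:
        # Cookie was offered once and not returned: keep using the
        # URL parameter and do not prompt the user a second time.
        return sid, None, "query"

    # No known ID from either channel: issue a new unguessable one.
    sid = secrets.token_urlsafe(32)
    store.add(sid)
    out = SimpleCookie()
    out[SID] = sid
    out[SID]["path"] = "/"
    out[SID]["httponly"] = True
    # No Expires / Max-Age attribute, so the browser keeps it in memory only.
    return sid, out[SID].OutputString(), "new"


def add_sid(url, sid):
    """Carry the session ID on a link so the chain is not broken."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != SID]
    query.append((SID, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))
```

Every link in a generated page would go through `add_sid` on the response that reports `"new"` or `"query"`; once the source is `"cookie"` the links can stay clean.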