July 14, 2004

Here's a good real-world Web developer question about sessions, cookies, etc

Hi. I'm an e-commerce developer for a couple web sites. We have long
been bugged about the whole issue with session ids. It seems that too
many of our visitors are simply turning things like Javascript and
Cookies off. Javascript we can live without. Cookies is another
issue. So we developed the system to not rely on cookies. Now wherever
you go on our site, a session id follows you via the url. While this
seems to work, it just isn't pretty. I've checked out Amazon and a few
others and they use the same technique.

This got me thinking that some REST-aware folks might want to join the mailing list and start fielding questions or concerns near the protocol and Web architectural level - but without being preachy or presenting a "you just don't understand" attitude. It would be nice to see someone say "Well, let's see what happens if we do it that way..." discussion.

No comments: