Hi. I'm an e-commerce developer for a couple web sites. We have long
been bugged about the whole issue with session ids. It seems that too
issue. So we developed the system to not rely on cookies. Now wherever
you go on our site, a session id follows you via the url. While this
seems to work, it just isn't pretty. I've checked out Amazon and a few
others and they use the same technique.
This got me thinking that some REST-aware folks might want to join the mailing list and start fielding questions or concerns near the protocol and Web architectural level - but without being preachy or presenting a "you just don't understand" attitude. It would be nice to see someone say "Well, let's see what happens if we do it that way..." discussion.