How important is putting the session id in the url?

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

How important is putting the session id in the url?

Post by Luke »

How important is it that you include ?Session_ID=%session_id% in the url? I'm making a store right now with clean urls, and it isn't with php, so I kind of have to choose between urls like this:

http://www.example.com/store/account?Se ... c983c6504c

or this:

http://www.example.com/store/account

I would really prefer not to have the session id in the url, but I will if there is a good reason (like over 10% of users have cookies disabled or something), I will. I thought I remembered feyd saying something about session cookies not being disabled with users turn of regular cookies... is that correct?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If a user turns off cookies, all cookies are off, typically, unless the browser allows them to choose specific options for each.

I would suggest leaving it on as it will help PHP maintain their session whether the cookie is accepted or not.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

as I mentioned, this is not a PHP application unfortunately, so my only options are including it for ALL urls or not including it at all. I really don't want to pass it around in the url, but if there is a significant amount of users who have cookies disabled, I suppose I don't have much choice. :(
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Since we're in client side, I'll assume you're using javascript.

You could always just implement the code to add the session id to each url, but have the function/method check if cookies are enabled, if they are just return the url without appending anything. If disabled, return the new (appended) url.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

hmm... no I'm not using javascript (yet). I put it in client side because cookies = client side. I hadn't thought of using javascript. The application I'm using is Miva Merchant and I do not have another choice, this is what we're using. So, do you have any idea how I could accomplish what you just said with javascript? Merchant is generating the cookies and the session id, so probably not easily, huh? :(
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

What language are coding in?
Post Reply