Page 1 of 1

How important is putting the session id in the url?

Posted: Fri Apr 13, 2007 12:38 pm
by Luke
How important is it that you include ?Session_ID=%session_id% in the url? I'm making a store right now with clean urls, and it isn't with php, so I kind of have to choose between urls like this:

http://www.example.com/store/account?Se ... c983c6504c

or this:

http://www.example.com/store/account

I would really prefer not to have the session id in the url, but I will if there is a good reason (like over 10% of users have cookies disabled or something), I will. I thought I remembered feyd saying something about session cookies not being disabled with users turn of regular cookies... is that correct?

Posted: Fri Apr 13, 2007 3:11 pm
by feyd
If a user turns off cookies, all cookies are off, typically, unless the browser allows them to choose specific options for each.

I would suggest leaving it on as it will help PHP maintain their session whether the cookie is accepted or not.

Posted: Fri Apr 13, 2007 3:43 pm
by Luke
as I mentioned, this is not a PHP application unfortunately, so my only options are including it for ALL urls or not including it at all. I really don't want to pass it around in the url, but if there is a significant amount of users who have cookies disabled, I suppose I don't have much choice. :(

Posted: Fri Apr 13, 2007 4:06 pm
by nickvd
Since we're in client side, I'll assume you're using javascript.

You could always just implement the code to add the session id to each url, but have the function/method check if cookies are enabled, if they are just return the url without appending anything. If disabled, return the new (appended) url.

Posted: Fri Apr 13, 2007 4:18 pm
by Luke
hmm... no I'm not using javascript (yet). I put it in client side because cookies = client side. I hadn't thought of using javascript. The application I'm using is Miva Merchant and I do not have another choice, this is what we're using. So, do you have any idea how I could accomplish what you just said with javascript? Merchant is generating the cookies and the session id, so probably not easily, huh? :(

Posted: Fri Apr 13, 2007 5:14 pm
by RobertGonzalez
What language are coding in?