On Mon, Jul 14, 2008 at 8:48 PM, Kadusale, Myles <[EMAIL PROTECTED]> wrote:
> I don't want to use cookies because they can be disabled by the user.

The alternatives I'm aware of are:

* recording the session ID directly in the URL of every page, which
just opens you up[1] to all sorts of problems.

* Using REMOTE_ADDR to identify incoming IPs, which will not only make
it impossible to identify one browser window or tab from another, it
won't even be able to tell one browser from another. Worse yet, for
the many people out there with multiple PCs hooked up through a router
to a single net connection, your site won't be able to tell any of
their machines apart.

* I suppose you could technically use a combination of REMOTE_ADDR and
the User Agent string, but that only helps if users are using
different browsers. Multiple users using the same browser version
would probably still have problems, and a single user using multiple
windows or tabs will most certainly still have problems.

Cookies are certainly your best bet here. They were created as a
solution to real problems, so by asking to avoid them, you're
essentially asking for those other problems.

Yes, users can disable cookies. They can also disable CSS and
JavaScript, and even opt out of using the web entirely. Is it really
that bad a thing that users are in control of how they use your web
site?

-Gul

[1] http://en.wikipedia.org/wiki/Session_fixation
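
The REMOTE_ADDR and User Agent problem described in the message above, worked through as an added example that is not part of the original email: it derives a session key from those two values for four constructed clients and compares the result with per-browser random IDs of the kind a session cookie carries. The client names, addresses, User-Agent strings and function names are all assumptions made for the illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed sample requests: (client, REMOTE_ADDR, User-Agent).
# 203.0.113.7 stands in for the public address of a shared home router.
FIREFOX = "Mozilla/5.0 (X11; Linux i686; rv:1.9) Gecko/2008061015 Firefox/3.0"
OPERA = "Opera/9.51 (Windows NT 5.1; U; en)"
REQUESTS = [
    ("alice-pc", "203.0.113.7", FIREFOX),
    ("bob-pc", "203.0.113.7", FIREFOX),    # same router, same browser version
    ("carol-pc", "203.0.113.7", OPERA),    # same router, different browser
    ("dave-pc", "198.51.100.20", FIREFOX),
]


def fingerprint_key(remote_addr, user_agent):
    """Session key derived only from values the server sees on every request."""
    return hashlib.sha256(f"{remote_addr}|{user_agent}".encode()).hexdigest()[:16]


def sessions_by_fingerprint(requests):
    """Map each derived key to the clients that would share that session."""
    shared = defaultdict(list)
    for client, addr, agent in requests:
        shared[fingerprint_key(addr, agent)].append(client)
    return dict(shared)


def sessions_by_cookie(requests):
    """Give each client its own random ID, as a session cookie would."""
    jar = {}  # client -> session ID held by that browser
    shared = defaultdict(list)
    for client, _addr, _agent in requests:
        sid = jar.setdefault(client, secrets.token_urlsafe(32))
        shared[sid].append(client)
    return dict(shared)


def collisions(sessions):
    """Return the groups of distinct clients that landed in one session."""
    return sorted(sorted(set(c)) for c in sessions.values() if len(set(c)) > 1)


if __name__ == "__main__":
    print("fingerprint collisions:", collisions(sessions_by_fingerprint(REQUESTS)))
    print("cookie collisions:     ", collisions(sessions_by_cookie(REQUESTS)))
```
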
