On Fri, Oct 23, 2009 at 1:41 PM, Karen Coyle <lists_at_kcoyle.net> wrote:
> I don't recall the details, but something in the back of my mind is telling
> me that the sessions exist because we didn't want vendors to use cookies on
> public access terminals. Does anyone else remember that? I believe the idea
> of the session-based URL was to retain the session without leaving anything
> on the computer.
This is exactly right (not just public terminals, but also this
hypothetical fear of disenfranchising anybody that might turn cookies
off or be on a browser without cookies).

Having session information in the URL isn't necessarily evil, but not
"failing" into a new session sort definitely is. After all, the way
the status quo is designed, it would seemingly fail even with cookies
(since you'd just be pushing the session id into a cookie, rather than
the URL).

It's just piss-poor, inexcusable, pre-web design and we should be
ashamed that it still persists to this day.

-Ross.
Received on Fri Oct 23 2009 - 14:24:56 EDT
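
The "fail into a new session" behaviour discussed in this message, sketched as an added example that is not part of the original thread or any vendor's code. The `session` parameter name, the `/record` path, the TTL and the in-memory store are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSION_TTL = 1800  # seconds; constructed value
_sessions = {}      # session id -> expiry timestamp (in-memory store for the example)


def new_session(now):
    """Mint a server-generated id; never adopt one supplied by the client."""
    sid = secrets.token_urlsafe(16)
    _sessions[sid] = now + SESSION_TTL
    return sid


def handle(url, now=None):
    """Return (status, body_or_location) for a request carrying its session id in the URL.

    A missing, unknown or expired id does not produce an error page: the
    server opens a fresh session and redirects to the same resource.
    """
    now = time.time() if now is None else now
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    sid = next((v for k, v in query if k == "session"), None)

    expiry = _sessions.get(sid) if sid else None
    if expiry is not None and expiry > now:
        _sessions[sid] = now + SESSION_TTL   # sliding expiry for a live session
        return 200, f"record page for {parts.path}"

    _sessions.pop(sid, None)                 # drop the stale entry, if any
    fresh = new_session(now)
    # Keep the path and every other parameter so an old bookmark still lands
    # on the record it pointed at; only the session id is replaced.
    kept = [(k, v) for k, v in query if k != "session"]
    target = urlunsplit(("", "", parts.path,
                         urlencode(kept + [("session", fresh)]), ""))
    return 302, target
```

Because the replacement id is always generated server-side, a stale or attacker-chosen id in a shared link is discarded rather than adopted, which avoids session fixation.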