Hi there, just a quick note on the subject. Cookieless session management can store the session ID in hidden form elements, URL insertions, it can use referer, browserversion and IP-address, etc. and mix all these to track the session/user. I know ZOPE CookielessSession uses URL insertions, not sure if it uses the other tricks as well. The problem with cookieless session management in general is that it's less reliable. If you use cookies you got em or not. If you use the other techniques you _might_ run into a bunch of strange problems. URL-Insertion with Flash or Javascript? Not always possible. IP-tracking with more then one user behind a NAT-Router? Hardly. Users browsing your site with two instances of the same browser on their desktop? Bummer. I don't love cookies very much myself but if you run a site which may have things like Flash or Javascript and especially if you run applications that need to rely heavily on the session management (Shopping, complex administration, login via form and not popup, etc.) I would strongly advise to use cookies unless you know exactly what you're site is doing and how. Not really that much Zope but I hope this helps :) /Gem
On Mon, 2003-04-07 at 18:31, hpinson@indepthl.com wrote:
Hi Chris-- thanks for the reference.
Is there some drawback to using a session model that stores session information in server memory (CookielessSession) as opposed to a URL- based" sessioning mechanism, like Zope uses?
Somehow state needs to be kept between requests to implement sessioning. (each request to an HTTP server is "fresh", no state is kept between them, this is why cookies are often used for sessioning because they implement a means of tracking state between requests).
I'm not sure how CookielessSession does this, but if it doesn't use cookies, it likely either uses query strings, hidden form elements, or URL insertions just like the stock Zope sessioning stuff.
I don't know if you or anyone else has experience with the CookielessSession Product-- it seems to much easier to use than Zope's mechanism. It has not failed after two projects (light usage only).
No, sorry, I don't have any experience with it. If it works for you, I'd say use it!
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )