php - Best practices for "disable all cookies" setting and logged in users / carts


When you cannot use a session, how can you handle logging in or updating a user? Adding a user ID or a cart ID to a hidden input field looks like a security defect.

Adding a session-table ID to every form (and all kinds of site links, if you want to keep state while browsing) is actually the way it has traditionally been done when you cannot use cookies.

It is a pain to implement parameter-sessions (with the ugly /page.php?session=459gj0tv789yn-style links): it breaks caching, and users cannot copy and paste links without accidentally sharing the session. For these reasons, most sites do not bother any more and just require cookies.

What you can do instead is use HTTP Basic Authentication so that the user logs in to an account, with the session information kept on the account. This is slightly less convenient for a shopping cart, because the user needs to sign in before putting anything in the cart, but in general it is a good alternative to cookies.
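
The session-table approach from the answer above, as an added example that is not part of the original question or answer: the hidden field carries only an opaque random ID and the cart stays on the server. The class name SessionTable, the in-memory array standing in for a database table, the 30-minute expiry and the PHP 8 syntax are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Constructed in-memory stand-in for a server-side session table.
final class SessionTable
{
    private array $rows = [];
    public function __construct(private int $ttl = 1800) {}

    // Opaque ID: 128 bits from the CSPRNG, unlike a guessable user or cart id.
    public function create(int $now): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->rows[$sid] = ['cart' => [], 'expires' => $now + $this->ttl];
        return $sid;
    }

    // True only for a well-formed, known, unexpired ID.
    private function live(string $sid, int $now): bool
    {
        if (preg_match('/\A[0-9a-f]{32}\z/', $sid) !== 1) {
            return false;
        }
        $row = $this->rows[$sid] ?? null;
        if ($row === null || $row['expires'] < $now) {
            unset($this->rows[$sid]); // drop stale rows on sight
            return false;
        }
        return true;
    }

    // The client sends only the ID; the cart itself never leaves the server.
    public function addItem(string $sid, string $sku, int $now): bool
    {
        if (!$this->live($sid, $now)) {
            return false;
        }
        $this->rows[$sid]['cart'][] = $sku;
        $this->rows[$sid]['expires'] = $now + $this->ttl; // sliding expiry
        return true;
    }
}

$table = new SessionTable();
$now = time();
$sid = $table->create($now);
// Hidden field for each form, escaped for the HTML attribute context.
echo '<input type="hidden" name="session" value="', htmlspecialchars($sid, ENT_QUOTES, 'UTF-8'), '">', PHP_EOL;
var_dump($table->addItem($sid, 'SKU-1', $now));        // issued ID
var_dump($table->addItem('42', 'SKU-1', $now));        // forged value
var_dump($table->addItem($sid, 'SKU-2', $now + 7200)); // after expiry
```

The expiry shortens the window in which a pasted link exposes the session, but anyone holding a live ID still acts as that user, which is the sharing problem the answer describes.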

