Re: [Phplib-users] No session_id or cookie if not authenticated.. how?
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] No session_id or cookie if not authenticated.. how?
|
From: Aric C. <gre...@pe...> - 2002-12-04 23:12:30
|
Well at the moment, we have it set to not fall back to get mode. So, you either accept the cookie or you can't use the shopping cart (or login or do anything other than look at products). We figure there aren't going to be many people turning off cookies, and those who do it are knowlegeable enough to understand why we're using cookies. The problem (if it is really a problem, which I am not entirely sure of, but my boss is concerned about) is with search engines. Since they don't accept cookies, they would get session id's everywhere. Now I can't seem to find a definitive answer here, but some (all?) search engines supposely will ignore any page that has session id's (specificaly, any url with a '?' in it). Now, I have my site working without the '?' and '&', using '/' everywhere instead. My boss thinks (I disagree) that the search engines will still barf on our urls because they will see the big long random looking session id and even though it looks like a directory will still ignore our pages. Another possible concern is that phplib redirects when you login. I noticed that when trying to use the validator.w3.org service it doesn't work because of the redirection, it works if I point it at a url that includes a session id in it. I dont know if that means a search engine might also refuse to index the site. Also if the search engine did work, the indexed urls would have session_ids and anybody that went through that search engine to get to us would have the same id... I dont know if that's a problem or not? Perhaps there really isnt anything to worry about... :) ----- Original Message ----- From: "Matt Williams" <li...@ye...> To: "Aric Caley" <gre...@pe...> Sent: Tuesday, December 03, 2002 1:28 AM Subject: Re: [Phplib-users] No session_id or cookie if not authenticated.. how? On Wednesday 04 December 2002 00:11, Aric Caley wrote: > I guess what I have to do is check my parameters first and then call > page_open() only when needed, but then like you say the session gets lost > when a user goes to an unprotected area. So I'd have to also check if the > user already has a session and call page_open() if so That's true but only if the user is using a non cookie session. IMHO I don't see what the big issue is with accepting cookies. Yes fair enough in some instances like ad sites and the like, but if I'm on a site where I know there is a members area or I'm gonna buy something, I expect to have a cookie or two dropped on my machine. And if they wanna track my progress around their site fair enough maybe they'll offer me a deal on something I do want but never thought they had.. Why is it a problem to start the session when the user first visits? matt |
