[Giftweb-discuss] Cookies?

[Matthew T. Jachimstal]

OK, I finally took the plunge and took a look at setting up GiftWeb to
use a cookie to store the session info.I've got it working between
index.php and main.php on my live site at the moment. It's easier than
passing around $s all over the place, but I'm not sure I want to do it.

First, it seems to me that this would eliminate one "feature" that I've
come to count on recently. I often have multiple windows open with
different login names in order to see what a change looks like from
multiple perspectives. The session in the GET line allows me to do this,
but a cookie does not. Any way to restore that ability with a cookie. (I
can't think of anything.)

Do/should cookies be renewed periodically? ie, If I set the cookie for 1
hour expiration time, and someone spends 61 minutes tooling around the
site, will they be automatically logged off? Should it be renewed
everytime they load a page, after it's been validated?

On a positive note, having a cookie would allow index.php to detect
whether you're already logged in and restore your session (within the
expiration time limit, of course) or if it should present the login
form. I think that would be a cool ability....

Also, your overall view of cookies. Personally, I only allow cookies
from sites that I know require them to function, and if I want to use
the functionality they provide (shopping, prefs, etc). My Firefox list
of cookie exceptions is probably 95% deny all cookies. But, then again,
my wife thinks I crazy and paranoid about cookies. I am, after all, the
only person I know that does this.

Thanks for your thoughts on this.
--
Random thought #61 (Collect all 137)
Human beings were created by water to transport it uphill.

| Matthew T. Jachimstal KG9LF
| email: address@hidden
| www: http://www.jachimstal.com
| <*> [\]

signature.asc
Description: This is a digitally signed message part