[Lispweb] session tracking: url rewriting vs cookies
marc.battyani at fractalconcept.com
Mon Jun 25 03:03:52 CDT 2001
Lyn A Headley writes:
> I'm writing a community application using IMHO/usql, and i've run into
> some prickliness regarding imho's url-rewrite strategy of session
> tracking, whereby a random session-identifier is encoded in the url
> requested by each client. While I like the explicitness and the way
> even the cookie-shy can use the app, I don't see a way around the
> following difficulty:
> I want to have two kinds of pages: general, which can be viewed by
> non-members, and personal, which are tailored to the needs of a
> specific member. I also want to be able to cache general pages to
> increase speed. The cached version will, of course, have a session
> identifier of "none." So take, for example, the group summary page
> for the group, say, Lispweb. It has a link to the propose new issue
> page which is a personal page relative to a member (the proposer). I
> want to be able to cache the group summary page AND allow logged-in
> members to be able to propose issues without being forced to log in
> again, but using the url-rewriting session strategy I don't think I
> can, since there is no way to know that the proposer is a member,
> since the link in the cached page contains no session identifier.
> I think I'm going to add cookie-based sessions to IMHO, but if anyone
> has a better idea to support the general/personal dichotomy with
> caching, I'd love to hear it.
I think both cookies and URI rewriting are useful.
I use URI rewriting for session management (short term) so that it works
with everybody, even if they disable cookies. But I also try to put a cookie
for long term identification/stats. This cookie, when found, is linked to
the session but I still use URI rewriting for the session management.
Cookies are a good idea, it's too bad they have been abused by DoubleClick
Maybe I'm missing the point but, if the caching is made by the Lisp
application, I don't see why you can't cache your static pages with URI
encoding. The URI will change but not the content.
More information about the lispweb