[prog] cookies

Becky L. Norum bnorum at coe.neu.edu
Fri May 14 15:50:12 EST 2004


On Fri, 14 May 2004, Almut Behrens wrote:
> If you're concerned about the cookie still existing (for privacy
> reasons, like disclosing what sites the user has been visiting, or
> whatever else), but don't really have a specific reason for storing
> the cookies persistently in the first place, you might consider using
> transient 'session cookies' instead (created by _not_ setting the
> expiration date). This would nicely circumvent having the cookies on
> disk at all, as they'll only be kept in memory then.

Thanks for the feedback, Almut.  Yes, we do have cookies set to expire at
the end of the browser session to minimize security issues.

> Btw, what exactly is it that you want to achieve, i.e. why does it
> matter that the cookie is not deleted immediately?  Maybe there are
> alternative ways to approach the problem...

In a nutshell, we want to retrieve a special set of data from the database
if the cookie is set.  Of course, we only want to hit the database once,
not every time that class is loaded, and only if the cookie is set.

We were hoping that by using a cookie to maintain this setting, we
wouldn't have to pass around an extra user session parameter in our
application since that is large enough as is.  Or make the code more
brittle by keeping the parameter in a request object and passing it
between requests.

I don't care for using cookies, myself -- investigating them is one
possible solution, and one it looks like we probably won't end up with
after all.  :)

Thanks!

Becky


More information about the Programming mailing list