-
- 9 Posts
Hi,
if I can't disable session-cookies, I have to explain the reasons to my Visitors.
Thanks
smelling salts
Most interactive sites use session cookies. The only other way to pass session information is via the URL, and that's not only ugly but extremely insecure.
The visitor can set his browser to disable cookies, and can set exceptions for sites he visits that require cookies for interactive applications.
-
- 9 Posts
Thanks for your reply, but why is ist necessary to pass session informations.
What kind of information, exactly? What this information be used?
Because it is a dynamic PHP web site that can deliver customized content based on user session information. If you don't need dynamic pages that are sensitive to user context information, why not create them as static HTML pages that will be served much faster anyway?
-
- 9 Posts
But if I need a dynamic website without user context information? Because the contents are created by the customer?
For which information the session is needed then?
It just identifies the PHP session associated with the client browser; this operates everything from authentication to security and is required even of anonymous users.
-
- 24,544 Posts
Think of it this way. When multiple users visit multiple pages, MODX needs to know which user is which. When a user fills in a contact page, for example, MODX needs to know which user filled it in when processing it, since two users could be submitting the form at the same time. When a user logs in and then goes to visit another page, MODX needs to know it's the same user that logged in. Without the session cookie, all users look alike.