RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

["Hunsberger, Peter" <Peter.Hunsberger@stjude.org>]

Elliotte Rusty Harold <elharo@metalab.unc.edu> asks:

<snip/>

> For instance, a father might want to have the user info for both his 
> Yahoo account and his childrens' accounts, and choose between them 
> dynamically without overwriting any of them. Indeed he might want to 
> have both accounts open at the same time in separate windows. Is this 
> even possible with cookies? 

Not that this is necessarily a reason to do so, but yes: use session
level (non-persistent) cookies, they are attached to the individual
browser instance and never stored on disk.

> It's definitely possible when different 
> accounts have different URLs and HTTP authentication is used to 
> provide the password.
> 
> Or perhaps I have both a personal amazon account and a business 
> amazon account, both of which I access from the same computer, maybe 
> even at the same time. If each account has a separate URL and a 
> separate user name and password, no problem. If each account has the 
> same URL, I'm in trouble.
> 
> The key idea is this: independent URLs for independent resources. If 
> all the information I need to locate the resource (not necessarily to 
> access, but to locate) is in the URL, we're in business. If some of 
> the location information is hidden in the cookie, you've got problems.

Here's a different use case for you:

How do you balance between tracking flow with stateless systems (as in
shopping cart check out) and caching (performance optimization)?  If you
don't use Cookies you've got to write some unique state identifier into
the response/request cycle.  Preferably not in the URL so as a parameter
to be passed back on the POST.  Since this identifier must be unique for
each user you've now destroyed the ability to cache the page generically
and instead must generate it uniquely for each user.  I'd argue the only
rational choice is cookies (preferably non-persistent)...