With all of the changes in MSIE, causing havoc for programmers who use cookies, and troubles with some search engines when urls such as those common with phpNuke, and Post Nuke are used, I am interested in getting comments on the following idea developed from reading some of the posts here at PHP Builder.
1> Attach only the session identifier to the URL.
2> Use no cookies, but instead store the access information, location, etc inside the database, with the index field being the session identifier.
2a> When the user logs out, simply delete the record for the session id. Thereby any request from a page with that id would automatically create an error when the record wasn't found, and would force the user to log back in, using thier password, and username.
3> Any extra info needed, such as values for a specific article, search string, etc, could simply be incorparated into the page using HTML comments, hidden form fields, etc that could be parsed by a CMS core, or similar to gather what info that was needed, aside from things like password, etc. (NEVER put such info in the page let alone plaintext of a cookie...)
