Tired of cookies

boballoo

I am not a programmer but as the owner of http://www.editfast.com I need to understand the way things work. I have inquired about hiring a programmer to help me with the problems associated with cookies, browser settings and firewalls. He has indicated that the entire site needs to be rewritten to pass the session info in the URL and that it will cost me...a lot of money. Another programmer I have used in the past has indicated that it merely needs a change in the .htaccess file which will cost me about ...$2.00.

Who is right? Is there another solution that will cure the user trouble with cookies?

planetsim

Try to avoid passing a SESSION through the URL its just asking for session hijacking.

Id suggest rewriting only the bits that have Cookies there doesnt need to be a total rewrite unless the programmer cannot understand what is currently there if thats case id look for a more competent programmer. Its not just a .htaccess thing you cannot physically change a cookie to a session with .htaccess although it can be used to make sure SESSION data isnt on the URL which i highly suggest

ahundiak

boballoo,
You really have not given information about what sort of problems your users are actually having.

I am going to guess that some users are disabling cookie support (or some firewalls are blocking cookies) which results in your web apps failing.

Many apps generate a "session id" to identify a particular session. These session id's are typically stored in a cookie and thus, disabling the cookie will disable the application. For many apps, this session id is the only thing being stored on the client and thus is the only thing we need to be concerned about.

If the original developer used standard php session functions then there is indeed a .htaccess setting which allows storing the id in the url. Tweaking this setting may in fact be all that's needed so I would suggest trying it first.

However, it's possible that the developer did not use standard php session handling. It's also possible that the developer may be using cookies to store information besides the session id. It's also possible to write code that use's the standard session handlers but still will not work after adjusting the cookie controll settings.

Having some idea of how cookies and sessions work is esseintal for making these kinds of decisions. Here is a starting point:
http://www.php.net/manual/en/ref.session.php

boballoo

Originally posted by ahundiak I am going to guess that some users are disabling cookie support (or some firewalls are blocking cookies) which results in your web apps failing.

Your guess is correct and thank you for the useful information. This is just what I need to make an informed decision about who to hire as a programmer and also to understand what is actually going on in general terms.

Fortunately, the business generated from my site is keeping me very busy but this means I no longer have time to dig deep into the programming issues so I must rely on others to do this for me while at the same time maintaining my understanding of the basics.

From what I have learned in my research the switch may not be such a huge undertaking and could be as simple as a "Find and Replace" operation with a few added complications. So my guess is that it would be not more than a couple hours work for a good programmer. Would that be a good rough guess?

Thank you for your help.

Roger_Ramjet

In general, more and more users are fed up with all the crap on the internet these days. They are fed up with having their home-page hijacked, spyware - being pestered by ad pop-ups, and having their modem dialler being redirected to some premium rate number. These are just some of the problems users face every day on the internet. So they are doing things like disable-cookies, turn off Java machine, etc, etc. Many are also realising that Internet Explorer is half the problem and using an alternative browser, which generally do not process complex javascript functions. If you want your site to be fully functional for all browsers and all users regardless of their settings, and if it is ecommerce then you must, then you need to get a programmer who can a) code for browser compatibility, b) program a site without using cookies, c) knows why passing data in the URL is a BAD idea.

This may well mean a complete rethink of your site design, or just tweaking by a pro, all depends on what kind of cowboy wrote it in the first place.

boballoo

Originally posted by Roger Ramjet
If you want your site to be fully functional for all browsers and all users regardless of their settings, and if it is ecommerce then you must, then you need to get a programmer who can a) code for browser compatibility, b) program a site without using cookies, c) knows why passing data in the URL is a BAD idea.

Roger, you hit the nail on the head. That is exactly the type of person I am looking for but in order to assess their skills before I hire them, without doing a trial and error session which has cost me a lot of time and money in the past, I need to understand the basics. Your help is appreciated and I now have the right questions to ask in order to judge the potential of the programmer I will be hiring. Now to find the right person.

Roger_Ramjet

Get them to present their portfolio, preferably site that are currently online, and test them with various browsers. Netscape, Mozilla, Opera etc are all free to download and use.

When the job is finished, and before you pay for it run a test of your site through Browser Cam which will show how it looks in all current browsers. A pro will have everything almost identical, even if this has meant browser detect and alternative pages.

An example of what you don't want is www.asda.com whose online shopping section includes java menus that only work in IE5+. Given that their main market will be workers on a company network who want their groceries delivered, being incompatible with Netscape turns their site into a joke and looses them money.