General Thoughs on Cookies

homchz

While building my membership site I have tried to make it so even if a user does not accept cookies, they would be able to use the site. However, physically passing the sessions though the site became a big pain, and caused many issues. Mainly because I am new to PHP but that is another issue all together.

So the more I thought about it, I assume that 85%+(randome guess) of my users will be using IE and will more then likely use default settings and will know nothing of cookies or sessions. The other 15% that know what cookies even are, and deem my site worthy of joining and visting, will know enough to allow the cookies to be set .

So, is taking the time to build a site for the "cookie blockers" even worth it?

Any thoughts?

Josh

piersk

I personally am not fussed about cookies. I just delete them all from time to time. I personally wouldn't bother.

goldbug

I think they are quite delicious, especially the chocolate chip kind.

homchz

goldbug wrote:
I think they are quite delicious, especially the chocolate chip kind.

😃 Plain Sugar is more my speed.

drew010

i remember maybe ~7+ years ago when people feared cookies because they didnt understand the nature of what they were for and why their computer would store information from the site and send it back. now i think people are more familiar with them, at least those who surf the net a lot, and dont think twice about them. i wouldnt waste your own time for those people. simply put a note on the login page saying it requires cookies, and if you are having trouble logging in, that they should enable them, and then give instructions for the common browsers on how to do it.
many large sites i have been to, will actually check to see if you did accept the cookie, by forwarding you to one page after the login that will check for the existance of the cookie, if it finds it you go to the regular main logged in page, if not, you are sent to a page saying your browser didnt accept the cookie and that they are required.

homchz

drew010 wrote:
many large sites i have been to, will actually check to see if you did accept the cookie, by forwarding you to one page after the login that will check for the existance of the cookie, if it finds it you go to the regular main logged in page, if not, you are sent to a page saying your browser didnt accept the cookie and that they are required.

Good idea thanks!

I kind of do this by asking to validate an email, and set the validation code in a cookie, then have them match it via a url in an email message. If they cannot match that cookie they are not validated, and are not registered.

goldbug

Don't forget to let them know about any requirements--cookies included--before they begin the registration process--be as up front and open as possible. It's tremendously frustrating to jump through registration/verification hoops only to find out at that point you can't use the site using your technology of choice.

homchz

goldbug wrote:
Don't forget to let them know about any requirements--cookies included--before they begin the registration process--be as up front and open as possible. It's tremendously frustrating to jump through registration/verification hoops only to find out at that point you can't use the site using your technology of choice.

Right now I do have a note on the entrance page, but solid advice. Thanks.

justsomeone

An alternative to this dependance on cookies is to build a custom session handler, which you call from the top of each page. This custom handler can just use cookies for anyone who has then enabled, otherwise it can pass a sessionid as a GET/POST var.

I've done this successfully in the past. You can also use this custom code to caclulate a "confidence" score for any session id - by logging the IP address which last used a particular session ID, the time when it was last used, the last session id used by the currently requesting IP etc etc.

All in all, it's possible to build up quite a healthy system. But what everyone else is saying is important too. You may find that it takes you some time to develop this flexible session handler, and that time may be better spent on other functionality which you could be adding to your site.

On the other hand, if you invest that time once, it could be something you can quickly add in to future projects, making them all more tolerant and respectful of user settings.

The choice is yours 🙂