[Mapserver-dev] C code for reading cookies...

Daniel Morissette morissette at dmsolutions.ca
Mon Apr 28 14:18:11 EDT 2003


Steve Lime wrote:
> 
> Hi Folks: Anyone got code to read cookie values made available to a CGI
> script? I'd like to update the MapServer to tag cookie values onto the
> list of query parameters as an alternative way of passing information to
> the application.. Thanks for any information.
> 

I'm not sure what the benefit of cookies would be, but I would like to
suggest that the cookie support be made optional and disabled by
default.  

Our experience is that cookies always lead to headaches.  Cookies are
used for sessions in PHP by default and they only create problems:

- Apps using cookies are close to impossible to debug

- It is impossible to open two windows pointing to two instances of the
same app if it uses cookies, otherwise the two instances of the
application interfere with each other

- Cookies often cause caching problems, especially with ISPs that use a
proxy to cache web pages locally (not to mention the broken proxies and
firewalls that don't pass cookies at all).  I've even had reports from
someone maintaining a site with sensitive information that some users
ended up seeing the settings of another user because of a combination of
using cookies to maintain application state and a broken proxy at the
ISP's end.

- The back button in the web browsers don't work if cookies are used to
maintain application state.

With maplab and all our PHP apps, the first thing we always end up doing
is overriding the PHP session handling stuff so that cookies are not
used, instead we use a good old sessions ID passed via the URL which is
known to work in a predictable way anywhere.

My 0.02$ on cookies.  :)

Daniel
-- 
------------------------------------------------------------
 Daniel Morissette               morissette at dmsolutions.ca
 DM Solutions Group              http://www.dmsolutions.ca/
------------------------------------------------------------




More information about the mapserver-dev mailing list