On Tue, 22 Oct 2002 23:37:01 +0900, Patrick May <patrick-may / monmouth.com> wrote:
>Eric Schwartz <emschwar / fc.hp.com> wrote in message news:<eto8z0ry3zr.fsf / narsil.emschwar>...
>> Not necessarily; it's possible to track a session without using cookies.
>> URL rewriting is one obvious technique, but I'm sure there are others.
>
>I'm not saying that it's impossible to track a user without cookies. 
>But you end up with requirements that are very different from the way
>sessions work.  [...]

One problem I've found with cookies, from the viewpoint of web server
design, is that if you make cookies optional, most (more than half)
users will choose to not accept them.  If you make the cookies
mandatory, users will accept them, but then a significant percentage
(maybe 10-20%, but I'm handwaving) will delete the cookies between
sessions, or (worse) use software which messes with the cookies in
some way.  This makes it very difficult to use them reliably for
tracking.

One nice thing about URL rewriting is that it is wholly implemented on
the server, and therefore it is much easier to control, and requires
no special compliance (or lack of defiance) on the part of the client.
Granted, it is more limited in how it can track users (can't track
users across dynamic IP addresses), but within its limits it is fairly
foolproof.

My apologies if this is too far off topic, but I wanted to share my
battle scars.

--Mirian