To depend on cookies or to not to... 04 Februar 2008

...this is the question. Right now I am faced with the question, if I should use cookies for storing the login information on a ASP.NET site. In fact, this is the prefered way. Every "Big" site does it, just name them amazon, ebay. If you haven't enabled cookies in your web browser, you just can't sign in. The well written sites give you a hint, that you've probably disabled them (the cookies) and be better to enable them back. The lazy written sites just don't work. You're always hittin' "Submit", but you'll be redirected to the same login site with no explaination why this happend...

I've in mind something like a dual-mode. That is, if somebody has disabled the acception of cookies on his or her browser, I could encode the user-id into the url or request string. But is this secure? Or in another term: Is this "modern"? One other thing is flashing through my mind: Could someone of these "Big" sites might have the idea, that if they say, they depend on cookies only to be able to let theirs users log in, they also clear their way for tracking cookies? So if I would workout my dual-mode, I would miss the chance to work with tracking-cookies on those, who've disabled their cookiehandling...