All the Perl that's Practical to Extract and Report

Javascript and cookies

jdavidb on 2007-02-09T15:25:43

Please enable JavaScript in your browser to experience all the custom features of our site, including the ability to make a purchase.

Please enable Cookies in your browser to experience all the custom features of our site, including the ability to make a purchase.

If your site needs Javascript and cookies to show me your product, your site is crap. Wouldn't it be smarter to make it easier for people to see and buy your products?

HTTP Sucks

DAxelrod on 2007-02-09T18:17:13

While I agree that requiring JavaScript enabled is annoying, how many online stores actually work if cookies are turned off?

HTTP is stateless. Under any shopping cart type scenario, you need to be able to persist the list of products the customer wants to buy. The alternatives to cookies are rewriting every link on every page to include a state identifier, which has its own wonderful problems associated with it.

May I ask what the context was in which it was onerous to use same-domain session-only cookies? I'm having trouble thinking of any, but it looks like you encountered one.

Re:HTTP Sucks

Alias on 2007-02-10T06:56:07

The conventional way to handle this is to to put session keys into the URI instead of the cookie. /shop/1b28dcb81028be012b8dc01/item/12345

Re:HTTP Sucks

Aristotle on 2007-02-10T08:23:47

Yeah, HTTP is garbage. Luckily, we have stateful protocols like FTP that scale so much better. :)

Re:HTTP Sucks

mock on 2007-02-11T05:20:46

Or you could use POST and hidden session variables. It seems kinda dodgy to me to be using GET in the first place if your state is going to be changing. Doesn't sound very RESTful.
EuSecWest is an example of a cart that doesn't require either cookies or javascript. Mostly because we sell to a very security conscious/paranoid audience who don't necessarily have either javascript or cookies turned on, and may restrict both by organizational fiat.

Re:HTTP Sucks

jdavidb on 2007-02-12T20:37:52

I'm not saying stores should be able to function without cookies. I'm saying that I don't want to have to turn them on for your site until I decide if your site has anything worth selling, and if your site can't even display the goods to me without having to track the fact, you need to get over the ego that made you think this was important and just show me what you're selling.