Forum OpenACS Q&A: Response to Trying to catch up....Help?

Collapse
Posted by Don Baccus on
<blockquote><i>Command line may be more efficient, but pretty pictures make Joe Schmo comfortable AND productive.</i></blockquote>
Mac OS X isn't the only Unix-based system that makes it unnecessary to use the CLI for most things.  Modern Linux distros have vastly improved in this regard in the last couple of years, along with autodetecting and supporting hardware.
<p>And under Mac OS X you'll still need to do some CLI work to get an OpenACS system up.  But I wouldn't worry about it, we're talking servers here and larger school districts are already running DNS, mail, web and various servers.  They're professional IT types - mine, the Multnomah County ESD most runs Linux these days anyway.
<p>Of course the situation changes at the level of the individual school or for small, rural districts.
<p><b>cookies vs. URL</b></p>
<p>Encoding state information in URLs rather than cookies makes search engine links and the like interesting.  Having an expired session state value show up in a search engine link isn't very cool, for instance.
<p>OpenACS tries to place a session state cookie on your machine but runs fine if you refuse it.  You only *need* cookies enabled to log in.  Cookies can be set to time out, which is useful in scenarios where you might log in from PC in, say, a library and forget to log out.  If you do remember to log out, the system clears the cookie.
<p>If your authentication information is encoded in URLs, then the library PC's browser history will allow anyone to come in and pose as you, even days later.  You could implement such a system so logging out made the old URLs not work (and time out older ones, too) but then you can't bookmark into the site ...
<p>The short story: cookies were invented for a reason, that reason being that trying to track state in URLs is inadequate.