From the “hills I’m willing to die on” department: Cookies are 100% evil, they should never have been added to the web platform, and the world would be a better place if the HTTP auth mechanism had been continuously extended and improved instead
7
15
2
86
How would one implement state management for unauthenticated sessions, such as shopping carts? Sessions as url parameters didn't work well.
1
1
That was done a lot in the early days, it's a disaster from a usability standpoint. Go back and lose your cart, you can end up with two carts in two windows, accidentally close the window and it's gone, share a link and someone else gets your cart, etc.
1
1
Some of these things can be avoided by sophisticated users (e.g. get cart back from browser history, edit session parameters out of URLs) but it's not practical.
1
And the technical challenges of rewriting every link to include the cart URL is a disaster for site developers. (If a page links to a FAQ on shipping, it has to pass the cart ID and now that page can't just be static HTML, it has to rewrite every link to include it).
1
This sort of pain is how we got frames as an attempt to manage state in just a part of the rendering, but that was also a bad path from a development and UI standpoint.
1
Many good points. But some new problems were created on the way, e.g. what if I *want* to share e.g. the cart, but can’t because it’s no longer addressable without the information hidden in the cookie? Cookies have all the advantages and disadvantages of global variables.
May 9, 2020 · 2:16 PM UTC
1