[Zope3-Users] Authentication without cookies

Hermann Himmelbauer dusty at qwer.tk
Tue Apr 15 03:48:02 EDT 2008

Am Montag, 14. April 2008 19:17 schrieb Jonathan:
> ----- Original Message -----
> From: "Peter Bengtsson" <peter at fry-it.com>
> To: "Hermann Himmelbauer" <dusty at qwer.tk>
> Cc: <zope3-users at zope.org>
> Sent: Monday, April 14, 2008 12:55 PM
> Subject: Re: [Zope3-Users] Authentication without cookies
> > Slightly off-topic: What mobile browsers that support XHTML don't
> > support cookies these days? Don't need an accurate answer but I'm
> > curious about rough numbers.
> Here is an interesting read on mobile web site authoring
> http://www.passani.it/gap/.  It indicates that '80%' of devices have some
> level/form of cookie support.

Thanks, that's an interesting read! It's astonishing, how bad standards are 
implemented in mobile browsers. The summary seems to be to either use 
adaptation, which means to optimize the code to a variety of browsers/phone 
models (recommended way) or to use a very limited subset, a least common 
denomiator. Things that are not recommended to use for mobile pages are such 
simple things such as:

- Use only simple inline-CSS or none
- Do not try to colour links
- Cookies are not reliable
- Page caching may lead to problems

> Hermann, as a test you could try setting a cookie, do an http redirect and
> see if your cookie is accessible.

Yes that's an option, thanks. However, it seems, the better praxis is to 
entirely avoid cookies for mobile clients and store a session key in the URL.

Best Regards,

hermann at qwer.tk
GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9  4902 64B4 D16B 2998 93C7

More information about the Zope3-users mailing list