[ic] Session always changes after first access

Grant emailgrant at gmail.com
Tue Jun 26 13:04:06 EDT 2007 

> >> > I think (I'm not digging into the code ATM so I don't know for sure)
> >> > that the bounce happens afterwards, but it overrides all the buffered
> >> > output from anything previous so cookies that were meant to be sent
> >> will
> >> > get lost.  The best way to keep the session on a bounce is to generate
> >> > the bounce link properly with the session ID in the link.
> >> >
> >> > We should have some sort of parameter for bounce that will preserve
> >> cookies.
> >> >
> >> Just bounce to the page, rather than to a full URI:
> >>
> >>     [bounce page=index status=301]
> >>
> >> The URI will be generated with a session ID parameter if no cookie is
> >> detected.
> >
> > The problem with that is I use:
> >
> > ScratchDefault mv_no_session 1
> >
> > which basically requires session cookies and doesn't write IDs to the
> > URL.  Is there any way to use mv_no_session and prevent the extraneous
> > session from being created?
>
> Use mv_no_session_id and mv_no_count instead, then it will have the id
> in links until it detects a cookie.  This gives the best of both worlds
> as it means that your site will still work for people who don't have
> cookies turned on.

Peter,

I've been using mv_no_session for a very long time, but I'm going to
switch to mv_no_session_id and mv_no_count for now like you suggested.
 Here's how I see the pros and cons of this switch:

Pros:
- user who don't accept session cookies can actually use the store
- first access bounces keep the same session

Cons:
- generated URLs include the session ID until the session cookie is returned

The problem with having the session ID in the URL is basically search
engine stuff.  If somebody posts a link to my store with the session
ID included, Google will see it as a different page than the same URL
without the session ID, and not properly apply "credit" to the
linked-to page.  Also, if a new spider shows up or an old spider
changes its UA so as not to be detected by RobotUA, and that spider
does not return cookies, it will be fed URLs with the session ID
appended.  That's disastrous for search engine rankings.

I'll have to keep a close eye on things.  Thanks a lot for everyone's help.

- Grant

More information about the interchange-users mailing list