Force the use of cookies

[GoogleCodeExporter]

This came out of discussion in Issue 304.

It might be nice to have a setting to force the use of cookies in your
application. This would ensure that URLs were never written containing the
session key.

This could possibly be done in WARegistry>>addCookieForHandler:to: by
forcing a redirect with a "cookieTest" field in the URL and then catching
incoming requests with "cookieTest" set but no cookie and responding with
an error.

Rather than having a new setting for this, #useCookies could possibly be
changed to a select box with "no/yes/force" or similar as options. This
would ensure nonsensical combinations.

Original issue reported on code.google.com by [email protected] on 30 Jan 2009 at 2:56

[GoogleCodeExporter]

Original comment by renggli on 8 Sep 2009 at 7:09

• Added labels: Version-Seaside3.0
• Removed labels: ****

[GoogleCodeExporter]

Original comment by renggli on 8 Sep 2009 at 7:10

• Added labels: ****
• Removed labels: Version-Seaside2.9

[GoogleCodeExporter]

WACookieOnlySessionTrackingStrategy does this

Original comment by [email protected] on 2 Aug 2011 at 7:14

• Changed state: Fixed
• Added labels: Version-Seaside3.1
• Removed labels: Version-Seaside3.0