I’ve bumped into several users that have cookies disabled and therefore the site doesn’t work like I’d want. I’m using webapp2 and django 1.2 templates with {% url %} template tags on appengine.
I’d like to find an easy way to address this that doesn’t make me end up making LOTS of code changes. Going to all my urls and conditionally adding ?cookie= to all of them is going to be a real pain, so I’m hoping there is a simple solution to this problem.
It causes problems with the CSRF code on forms too, what do you do in that case, just give up CSRF?
I can do some stuff in the urlNode code since I should be able to resolve the logged_in_user object from the context, so that might deal with a good bit of the problem, except any place that adds params after the ? will now have to use &. All in all, NOT a pretty solution.
Anyone know of an easier way to deal with this?
I don’t recommended building site with cookies as optional requirement, site design gets soon extremely complicated and you probably open more security holes that you can imagine. If you must support users without cookies, use HTTP basic authentication to authenticate and recognize users.