On 03/03/2013 06:52 PM, Henk van Oers wrote:
On Sun, 3 Mar 2013, Punter wrote:
What if a website's ethical policy is that it doesn't track users after they've logged-out?
I do not want to set a session cookie in that case.
I, on the other hand, want to set a session cookie for when the user is logged in, and delete it (and not re-set it again) when the user logs out.
How can it prove that to the users, if it installs a new cookie then?
I solved this problem by making 2 websites: - "static" no session - "dynamic" other hostname, other config.yml
In my case, the same pages should appear on both sites, with tiny differences. It would not be practical to maintain two sets of pages with repeated elements for the cookie & no-cookie cases.
On 03/03/2013 05:55 PM, Rik Brown wrote:
That sounds like it's working correctly. You got a new empty session and a cookie for it. I don't think it's expected that you won't get a cookie if your session is empty.
Sorry, it IS expected.
It would be nice if one can start sending cookies only for some routes.