Re: shopping cart in net.data

Nathan Andelin wrote:

Well, that specific "bug" seemed to stump the people who were maintaining Firefox. And given all the "goodness" of Firefox, I'm not going to be too critical of the Mozilla developers or the development process.

It seems to me that Web application developers can work around the problem by assigning a new session key each time a user accesses an entry point of an application, whether or not there may be a session key already stored in a cookie, URL, or query-string parameter.

With all due respect, Nathan, you missed the point of this bug in a big way.

First, you can't log onto two authenticated services (Gmail and Yahoo, for instance) with Firefox. The sessions collide. Second, there's a huge security risk in that if you forget to close ANY Firefox instances, even if you close your browser you could still leave an open session. Third, if one Firefox session becomes unstable, then you can't cancel it without canceling all your Firefox sessions.

Yes, some web applications may be able to program around the limitation, but that won't solve any of the above issues. As to the developers, the thing has been hanging around for six years, brought up dozens of times every year (there are some 80 DUPLICATE bugs on this one issue), and the primary response from the developers has been "you don't like it, fix it." And regardless of whether their response is justified or not, the response itself was my primary point on the difference between open source and commercial.

Joe