Since we dont know whether our application is going to be accessed by a client that supports cookies, or whether the user has cookies turned off or not... why would it ever be sensible to use session tracking and/or cookes for client state information in an e-commerce app. Does it not follow that URL Re-writing should always be used??? Herbert.
URL rewriting has a slightly undisirable side effect. It shows the session id on the address line of the browser. This can lead to another side effect. If the user bookmarks this, everytime they use the bookmark, they send an invalid sessionid. It can cause an inappropriate message if your application tests for and sends a different message for an invalid session as compared to a new session.