You could do a test for cookies though right? and at least show an error message stating cookies are required if the test fails?It's a fundamental design decision. The only other option is to stick the session in URLs and that's not an option that we're happy with.
Or Maybe not... I don't think Session ID's should be in URL's ugly and pointless.. To get the best out of the web these days people need to realise that cookies are NOT evil.Unfortunately the forum users won't be happy with it...
Maybe there is still time to change that design decision.
I'm not searching-asking.How many people do you know that browse with cookies disabled nowadays?
This would be nice, if possible of course. Cookies will also fail to work if the user has nog space left on their cookies folder (which happens sometimes).You could do a test for cookies though right? and at least show an error message stating cookies are required if the test fails?
I totally agree with the not using a SID but if we do that need to explain to people why they can't login also.
Theres this thing called private tabs/private window/privacy browsing/what have you in modern browsers (In most cases), and it does wonders. Basically, it allows you to go stealth, just like an Internet Ninja!You can,don't worry,XF protects you,they know what's good for you.
I agree there needs to be a notification at least.I'm okay with requiring cookies, but there definitely needs to be some sort of notification/error message instructing the user to enable cookies when they try to login and they are disabled...Without that, mass confusion ensues