I notice that XF requires cookies in order for users to be able to login, I just wondered what other developers do with reference to cookies. On the frameworks I've developed in the past, I've always tested for Cookies and used them for session id storage if they're there and if not, passed a session key via the URL instead. However, the latter is rife for session hijacking, even though I put in various tests against it - I'm wondering if its worth just saying to people that if they want to use the site, they need cookies. Forums are one thing, but many of the other sites on the framework are online shops and a cookie only policy would mean that people who don't accept cookies wouldn't be able to do even basic things like add products into the basket! Just thought I'd take a straw poll of what other developers think.