How to avoid duplicate sessions when not using cookies
Posted on 2004-09-13
I have a site that maintains session via session IDs appended to URLs. When a visitor arrives on the site for the first time, as session is assigned.
The problem I have is this: the first page visited has no session ID in the URL, as none has been assigned yet. But, if this is page is returned to via the Back button, depending on the visitor's cache setting, the browser requests the page again from the server, which (because it carries no sessionID), assumes it is a new session. This is distorting my stats.
What is the best way to handle this? I have thought about using response.redirect ... to assign the ID and then redirect the browser to the landing page, this time with a url that contains the session ID, but I am concerned that bad things might happen, such as browsers complaining about the redirect for security reasons, or search engines thinking I am tryint to bait and switch.
Anyone got any ideas?
P.S. please assume cookies are off limits.