I saw that there was a method in browser.php: 'ignoreCookies' -- any ideas what this does?
I'm asking because I'm doing a mobile app with Silverstripe and it looks like Silverstripe's authentication requires cookies -- i.e. it doesn't do embedded URL rewriting if cookies aren't supported. And the W3 guidelines on cookies for phones is 'don't rely on them' => don't rely on silverstripe for authenticated mobile access?
Any plans to incorporate this feature in future? I know it's an architectural issue -- URL generation will need to be abstracted but I think it's pretty well done anyway? It'd need to be changed so all links include the contents of the cookie as params. Yeah it sucks if the user types a URL but they're unlikely to do that on a mobile.
Regarding mobile phones: We clearly want to be able to have our sites accessed on a mobile phone, although realistically until they have decent screens and browsers, few people will use them. Most websites out there, even without a mobile phone, do not need authentication, but I we don't want to be in a situation where you cannot use SilverStripe for mobile applications because of cookie issues. I know from Ben Nolan, who wrote moso.co.nz, a complex mobile phone app, that cookie support was very good even on the fairly backward New Zealand phone industry. I'll ask him to comment :)
This isn't something that we had considered thus far; however, it's unlikely to be too hard to get *something* going. There used to be some sort of setting to disable link rewriting, although I can't find details of it.
The reason that we disable this setting is because when a user first visits, it has no way of knowing whether cookies are supported, so the first links out of the homepage always have a ?PHPSESSID=3453425345345234 added to them, which was too ugly for us to bear ;-)
That said, this should be something that developers set on a site-by-site basis.
Julian, if you figure out how to re-enable the URL rewriter I'm more than happy to put a patch into the next release.