I don't want to feed a flame war here, but I agree that NOW access should NOT require java/javascript. GUI browsers aren't the only tools used to access this site, Some of us automate, (one of the major advantages of a CLI) and have perl scripts for pulling info from the site. Cookies complicate these programs, java/javascript makes them unworkable.

Michael Ryan wrote:

a toaster tidbit: NOW uses cookies not only to manage Session state in IIS but also to maintain Authentication and Authorization across our newly expanded backend. That's why the Cookies have domain ".netapp.com" and not "now.netapp.com."

Using cookies for authentication/authorization is a bad idea. The NOW site is basically insecure to start with (no SSL, all authentication info sent in the clear). The only value the cookies have is to avoid presenting multiple login challenges to the user as they move from server to server. But this can lower security even further because a "cracker" may not need to guess a username:password, just a currently valid cookie.

P.S. I don't care what you do with the corporate site (www.netapp.com) but for us folks who pay for the support site, it would be nice if "easy to use" was a priority.

My $0.02

Graydon Dodson grdodson@lexmark.com Lexmark International Inc.