• New Zealand Government Web Standards 2.0

• New Zealand Government Web Standards 1.0
  • » 1. Images
  • » 2. Colour
  • » 3. Site Markup
  • » 4. Special Purpose Documents
  • » 5. Writing Content
  • » 6. Site Content
  • » 7. Page Layout
  • » 8. Navigation
  • » 9. Style Sheets
  • » 10. Dynamic Content
  • » 11. Tables
  • » 12. Frames
  • » 13. Scripting and Applets
  • » 14. Page Refreshing
  • » 15. Site Behaviour
  • » 16. Site Layout
  • » 17. Archiving
  • » 18. Quality Assurance
  • » 19. Data Tracking
    • 19.1 Data tracking able to be disabled
    • 19.2 Rules governing storage of tracking data
    • 19.3 Client-side personally identifiable data storage
    • 19.4 Encryption of personal information in tracking data
    • Recommendation 19.1.1 Scope of collecting tracking data
    • Recommendation 19.1.2 Server side session state
  • » 20. Authentication
  • » 21. Security
  • » 22. Online Forms
  • » 23. Tendering and Contracting
  • » 30. Site Delivery
  • » 31. Operational
  • » 32. Web Strategy

Recommendation 19.1.2 Server side session state

The Recommendation

Recommendation 19.1.2 Server side session state. Where it is necessary to maintain 'state', server-side session management should be used in preference to any client-side session management facility/mechanism.

Rationale for this standard

Any item of data persisted on the device on which the user is hosting their browser (e.g. client personal computer) cannot be guaranteed secure nor guaranteed secure in its persistence.

The collection of data about a user client and user activity on a web site should only be for creating anonymous web site usage statistics.