Supporting Users with Disabled JavaScript or Cookies


Nov 13, 2008

How should a web site deal with a user who doesn’t run JavaScript? Abort (fallback to non-JavaScript version of the site), Retry (give the user a friendly error message that it’s necessary to have JavaScript enabled to use the site), Ignore (continue blindly rendering a probably unusable page), or Fail (simply load nothing)? I’ve seen every one of these in practice, and there’s no standard. Some users have JavaScript completely disabled, either for security reasons or because they are on a device (like a Blackberry) that doesn’t support JavaScript. Some users have JavaScript temporarily disabled, using NoScript (like me) to whitelist trusted sites.

I propose that if you can put together a functional site that doesn’t use JavaScript, fall back to this site when the user doesn’t support JavaScript. If you can’t, give the user a friendly error message, but hide the functionality.

The same thing is true for cookies. What’s the right way to check that cookies are enabled and respond gracefully if they aren’t? Showing an error message? Rewriting the URL with the session ID? Just not working? Since cookies are the best way to support sessions securely, I propose that if you need to support sessions, present an error message to users with cookies disabled.

If the web is really just a composition of technologies, how should it respond when some technologies are missing? Why don’t browsers and application frameworks give us easy ways to check for these dependencies?