Any justification for an IT policy that query parameters should not be used?

Question

My company, which builds ad server, affiliate network, contact form and CRM software was acquired last year, and we are now in the process of reworking our technology to fit the IT policies and guidelines of the parent corporation.

One of these policies is a tremendous sticking point and causing all sorts of problems for us:

No query parameters are to be used in any URL visible to the end user

This includes content URLs, ad clickthrough targets, redirects, anything which will either show up in the address bar or in a mouseover status bar update. The effect would be no affiliate ID parameters, media source tracking IDs, session IDs, CMS content selection parameters, anything. Several fundamental functions of our software simply can't be accomplished without passing parameter data from one page to another. In our case, many of these links are from different sites or subdomains, it's not possible to pass data via cookies, either

The only justification I've been given is that query parameters prevent some proxy caches from working properly. This makes no sense to me--I've never heard of such a thing--and nobody is willing or interested in discussing it at length. I've not even been given an example of what specifically is broken or why the policy was created.

In any case, this being a global corporate IT policy, in the end the reasoning doesn't matter, only compliance. Although getting it changed is most likely out of the question, I would still like to understand what valid concerns may have prompted its institution. Understanding the mindset may be a first step towards finding a workaround.

My first thought for a workaround was to embed parameters within the path portion of the URL and extract them with an Apache mod_rewrite, but this is out of the question because:

Corollary: Every URL must present unique content available through no other URL

So making multiple URLs which actually refer to the same page but contain other parameter data in the URL is also unacceptable.

Questions:

• Is there valid justification for not using query parameters?

• Specifically what proxies or systems fail to work when query parameters are present?

• Does it possibly have something to do with SEO? The corollary makes it appear so.

• What workarounds might there be for passing data from one site to another under this restriction?

Answer 1

i only have answer for the "workaround" question: use PATH_INFO.

edit to be more specific

instead of /banner.php?what=ever&any=thing use /banner.php/what=ever/any=thing. apache will still serve the request through /banner.php, and /what=ever/any=thing will be present in $_SERVER['PATH_INFO']. you'll have to rawurldecode and explode the string yourself since the webserver won't do that for you, but that's no big deal.