With pushState, isn't this now irrelevant (and, as it has always been, ugly)?

This reminds me of the URLs generated by Oracle's Application Express (which is my main source of income at the moment).

And you wind up using cookies anyhow to cross-check (ApEx does), because real applications tend to require authorisation as well as application state.

So, to recap:

1. Uglier URLs

2. Cookies anyway.

I think the best solution for handling older browsers is to allow server rendering via loading the page the traditional way. Solving two problems: Keeping your urls looking like they should and also verify that your site is accessible for software that do not rely on JavaScript such as some search engines and other types of machines / software. I see little reason for messing up urls with hashchange, adds complexity when recreating correct state on bookmarks.

The author glosses over the fact that encoding of special characters in the hash is broken in firefox. As an application there's no way to know if you're getting the data you want or url encoded data. Base64 encoding (with replacing chars like $ which most im and email clients fail to autodetect as being part of the url) seems to be the only bet at the moment. Putting the data in the get request and ignoring it on the server also seems to work well.