[2379] in WWW Security List Archive
Re: Smart Fine Print
daemon@ATHENA.MIT.EDU (Vassilis Risopoulos)
Wed Jul 10 11:15:35 1996
From: Vassilis Risopoulos <risopoul@informatik.uni-hamburg.de>
Date: Wed, 10 Jul 1996 15:02:26 +0200 (MET DST)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> persistant cookies. A good start would be adding a patch, or adding in
> the next release, the option to deny use of the cookie file. Otherwise,
> when the ordinary user finds out what kind of information is kept using
> the file, they will likely react unfavorably. Not to mention groups such
I guess noone looks anymore to the beta versions of some products.
Let me see. Netscape 30b4, 30b5 30b5a (yeah, it keeps growing) have an option
that pops up an alarm when a server sends a cookie. It simply asks you is
you'd like the cookie to be saved or not.
I don't understand why there is so much noise about cookies. I think they are
much more usefull then hidden input fields in forms and they do my life a lot
moree easier when I want to track somebody running through my web pages.
As far as I know, a server cannot request a cookie. The client sents to the
server all cookies corresponding to the domain and the path set by a
'set cookie' header.
Vassilis.-
