[2427] in WWW Security List Archive


Re: cookies and privacy

daemon@ATHENA.MIT.EDU (Dave Kristol)
Wed Jul 17 15:07:52 1996

Date: Wed, 17 Jul 96 12:38:49 EDT
From: dmk@allegra.att.com (Dave Kristol)
To: seth@hygnet.com
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

  > I've just read this, and I apologize if this is the wrong forum for me to
  > make my comments.  The first thing I notice is that this draft maintains
  > the (IMO) absurd practice of deleting a cookie by expiring it into the
  > past.  Wouldn't it be better to remedy that now with a "delete-cookie:"
  > HTTP header?

There's generally a reluctance to add new HTTP headers.  Furthermore,
the original Netscape implementation used the expires-in-the-past
mechanism.  So for compatibility we did the same.

Dave Kristol
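
Added example, not part of the original message or of the draft under discussion: a minimal Python sketch of the expires-in-the-past deletion mechanism, showing both the server-side header and a client-side store that honours it. The `CookieJar` class, the `session` cookie, and the `example.test` host are constructed for illustration. The sketch assumes cookies are identified by name, domain, and path, so a deletion header with a different path leaves the original cookie in place.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # any date in the past works

def deletion_header(name, path="/", domain=None):
    """Set-Cookie value that deletes `name` by expiring it in the past."""
    parts = [f"{name}=", f"Expires={format_datetime(EPOCH, usegmt=True)}",
             f"Path={path}"]
    if domain:
        parts.append(f"Domain={domain}")
    return "; ".join(parts)

class CookieJar:
    """Minimal client-side store (illustrative), keyed by (name, domain, path)."""
    def __init__(self):
        self.cookies = {}

    def set_cookie(self, header, request_host, now=None):
        now = now or datetime.now(timezone.utc)
        first, *rest = [p.strip() for p in header.split(";")]
        name, _, value = first.partition("=")
        attrs = {}
        for item in rest:
            k, _, v = item.partition("=")
            attrs[k.strip().lower()] = v.strip()
        key = (name, attrs.get("domain", request_host).lower(),
               attrs.get("path", "/"))
        expires = (parsedate_to_datetime(attrs["expires"])
                   if "expires" in attrs else None)
        if expires is not None and expires <= now:
            self.cookies.pop(key, None)       # expired on arrival: delete
        else:
            self.cookies[key] = (value, expires)

def demo():
    jar = CookieJar()
    # Constructed sample: a session cookie scoped to /app.
    jar.set_cookie("session=abc123; Path=/app", "example.test")
    # Deleting with the wrong path does not touch the stored cookie.
    jar.set_cookie(deletion_header("session", path="/"), "example.test")
    survived = ("session", "example.test", "/app") in jar.cookies
    # Deleting with the matching path removes it.
    jar.set_cookie(deletion_header("session", path="/app"), "example.test")
    return survived, dict(jar.cookies)
```
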
