[2453] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Seth I. Rich)
Thu Jul 18 12:40:41 1996
Date: Thu, 18 Jul 1996 09:35:18 -0400
To: dmk@allegra.att.com (Dave Kristol), hfinney@shell.portal.com
From: "Seth I. Rich" <seth@hygnet.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
dmk@allegra.att.com (Dave Kristol) responds to Hal <hfinney@shell.portal.com>:
> > My suggestion was intended to address the shopping cart example, where
> > I can see that state is useful. However I do not agree that the
> > automatic response is essential for this application, as I suggested in
> > my earlier mail.
>
>If the user selectively enables sending a cookie back to the origin
>server while shopping, how can the origin server keep aware correctly
>of what's in the shopping basket? You shouldn't assume that you can
>tell, by looking at the cookie, when it needs to be returned to the
>server. (It may be encoded, for example.)
Which is the web developer's problem to solve. If the user chooses not
to send the cookies back, the user is choosing not to fill her shopping
basket. If the web developer knows this, she will design her site
accordingly. (Perhaps if an essential link -- e.g. "Buy This!" -- is
selected and a cookie is not sent, an information page is offered with
the reason -why- the cookie ought to be sent.)
>I think cookies are yet another case of a technology that can be used
>for both good and ill.
Well, given the assumption that they can be used for good, at least we
can have the specs support (IMO) good practice instead of old, bad
design decisions.
Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet (pbeilard@direct.ca)
Rabbits on walls, no problem.
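
The server-side behaviour discussed in this message, as an added example that is not part of the original post: the basket travels in an opaque cookie the browser cannot interpret, and a "Buy This!" request that arrives without the cookie gets an explanation page. The cookie name, key, function names and page text are hypothetical, and the hex-plus-HMAC encoding is an assumption chosen for the sketch.

```python
import hashlib
import hmac
import json
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: server-side key, constructed for this example
COOKIE = "cart"                   # hypothetical cookie name

def _tag(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def encode_cart(items):
    """Serialize the basket into an opaque, tamper-evident cookie value."""
    body = json.dumps(items).encode().hex()
    return f"{body}.{_tag(body)}"

def decode_cart(value):
    """Return the item list, or None if the value is malformed or altered."""
    body, sep, tag = value.rpartition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    try:
        return json.loads(bytes.fromhex(body))
    except ValueError:
        return None

def start_shopping():
    """Cookie pair the server sets when the user enters the shop (empty basket)."""
    return f"{COOKIE}={encode_cart([])}"

def handle_buy(cookie_header, item):
    """Handle a "Buy This!" request; returns (status, new_cookie_or_None, body)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE not in jar:
        # The user chose not to return the cookie: say why it is needed
        # instead of silently losing the basket.
        return 200, None, ("This shop keeps your basket in a cookie. "
                           "Allow it for this site, then select Buy This! again.")
    items = decode_cart(jar[COOKIE].value)
    if items is None:
        return 400, None, "Basket cookie was not recognised."
    items.append(item)
    return 200, f"{COOKIE}={encode_cart(items)}", f"Basket holds {len(items)} item(s)."
```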