You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rasmus Lerdorf <ra...@lerdorf.on.ca> on 1998/06/08 18:54:47 UTC

Grr... Cookie paranoia sucks!

Sorry for the vent, but I am getting very frustrated having to use all
sorts of hacks to get around the fact that some people have cookies turned
off.

Anybody have some decent in's at Netscape and Microsoft?  It would be very
nice if the browsers would differentiate between long-life cookies (those
that get stored on the users' disks) and session cookies.  I think the
majority of people who are afraid of cookies invading their privacy have a
problem with the long-life cookies and not with the session cookies and as
such it would make life easier on everybody if turning off cookies meant
only that the browser would not write any cookie data to disk but would
still accept session cookies.

-Rasmus

Re: Grr... Cookie paranoia sucks!

Posted by Chris Tacy <ch...@enginered.com>.

or at least some header that indicated if a browser was rejecting
cookies would be REALLY nice.
sigh...

Rasmus Lerdorf wrote:
> 
> Sorry for the vent, but I am getting very frustrated having to use all
> sorts of hacks to get around the fact that some people have cookies turned
> off.
> 
> Anybody have some decent in's at Netscape and Microsoft?  It would be very
> nice if the browsers would differentiate between long-life cookies (those
> that get stored on the users' disks) and session cookies.  I think the
> majority of people who are afraid of cookies invading their privacy have a
> problem with the long-life cookies and not with the session cookies and as
> such it would make life easier on everybody if turning off cookies meant
> only that the browser would not write any cookie data to disk but would
> still accept session cookies.
> 
> -Rasmus

-- 
#################################################
chris tacy              president and co-founder	
fire engine red         http://www.enginered.com/

Re: Grr... Cookie paranoia sucks!

Posted by "Life is hard, and then you die." <ro...@innovation.ch>.

Ben Laurie wrote:
> 
> FYI there's some activity in the HTTP WG on the subject of cookies and
> privacy. Dunno where its at, but may be worth a look?

The cookie discussions are on a mailling list of their own:
http://www.bell-labs.com/mailing-lists/http-state/ . The current state
of things is that the latest draft (draft-ietf-http-state-man-mec-08)
has been submitted as a Proposed Standard. The only client
implementation I'm aware of is my own, but at least Lynx and libwww
have implementations of earlier drafts (libwww may have been updated in
the mean time, dunno).

RFC-2109 and the latest incarnation of it have some requirements about
"unverifiable transactions", which are an attempt to limit the kind of
stuff that folks like Doubleclick are doing, and which has been the
cause of most of the cookie debate.

  Cheers,

  Ronald

Re: Grr... Cookie paranoia sucks!

Posted by Ben Laurie <be...@algroup.co.uk>.

Rasmus Lerdorf wrote:
> 
> Sorry for the vent, but I am getting very frustrated having to use all
> sorts of hacks to get around the fact that some people have cookies turned
> off.
> 
> Anybody have some decent in's at Netscape and Microsoft?  It would be very
> nice if the browsers would differentiate between long-life cookies (those
> that get stored on the users' disks) and session cookies.  I think the
> majority of people who are afraid of cookies invading their privacy have a
> problem with the long-life cookies and not with the session cookies and as
> such it would make life easier on everybody if turning off cookies meant
> only that the browser would not write any cookie data to disk but would
> still accept session cookies.

FYI there's some activity in the HTTP WG on the subject of cookies and
privacy. Dunno where its at, but may be worth a look?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

Re: Grr... Cookie paranoia sucks!

Posted by Dean Gaudet <dg...@arctic.org>.

Axiom 1:  people are stupid.

I'm so happy I'm not dealing with cookies anymore.  But if you wanna see
my rant on it from a year or so ago:
http://www.arctic.org/~dgaudet/cookies

Anyone know if MSIE still only displays the cookie value, and not the
name, when it prompts the user?  I've always wanted to forcefeed MSIE
browsers cookies like "track@a34E093j_=click_OK_if_you_hate_cookies!".

Dean

On Mon, 8 Jun 1998, Rasmus Lerdorf wrote:

> Sorry for the vent, but I am getting very frustrated having to use all
> sorts of hacks to get around the fact that some people have cookies turned
> off.
> 
> Anybody have some decent in's at Netscape and Microsoft?  It would be very
> nice if the browsers would differentiate between long-life cookies (those
> that get stored on the users' disks) and session cookies.  I think the
> majority of people who are afraid of cookies invading their privacy have a
> problem with the long-life cookies and not with the session cookies and as
> such it would make life easier on everybody if turning off cookies meant
> only that the browser would not write any cookie data to disk but would
> still accept session cookies.
> 
> -Rasmus
> 
>