W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: I-D ACTION:draft-ietf-http-state-mgmt-03.txt, .ps

From: Marc Salomon <marc@ckm.ucsf.edu>
Date: Wed, 24 Jul 1996 12:29:51 -0700
Message-Id: <9607241229.ZM498@gaia.ckm.ucsf.edu>
To: lentz@annie.astro.nwu.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
lentz@annie.astro.nwu.edu wrote:
|Yet I would also like for the cookie to disappear after one person's
|"use" of the client, whether this be signified by an actual quitting of
|the client program, closing the browsing window, switching user environment,
|etc.

This is not a protocol issue, rather an implementation issue.  I'd recommended
the following language regarding the tossing of cookies that didn't make it
into the draft:

+If a browser has a kiosk mode for use as a public terminal, and is configured
+to accept cookies, then the user agent should be configurable to clear its
+cookie cache (and any other per-user authentication data), either by an
+explicit user "log out" command or by a timeout mechanism.

There is enough complexity to the unaddressed issues of cookie privacy that
aren't appropriate to the protocol specification that an informational document
on cookie practice is probably a good idea.

-marc

-- 
Received on Wednesday, 24 July 1996 12:36:14 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:05 EDT