Re: Should server beable to say NoCookie, No Show?

David W. Morris:
[...]
>Symetry would suggest that since we encourage/allow a UA to discard a
>cookie under the user's discretion, we should have an optional attribute
>which allows the server to stipulate one of the following:
>
>  a.  Dont show the page if the user rejects the cookie
>  b.  Warn the user that if the cookie isn't accepted, the application
[...]

Servers can already do this under the existing spec.  It is relatively easy
to build a `cookie-enabledness' detector by using redirection.

So I see no need to burden the protocol with yet another extension: this can
be solved with some clever CGI scripting.

The same goes for the CommentURL proposal that had been floating around in
another thread.  I don't think servers need hard-to-implement protocol
extensions if they want to tell their users about their privacy policy.  Why
not just put a link to your privacy policy on your company home page?

>Dave Morris

Koen.

Received on Tuesday, 25 March 1997 13:55:08 UTC