RE: Should server beable to say NoCookie, No Show? from Benjamin Franz on 1997-03-26 (ietf-http-wg@w3.org from January to March 1997)

From: Benjamin Franz <snowhare@netimages.com>
Date: Wed, 26 Mar 1997 11:57:04 -0800 (PST)
To: http working group <http-wg@cuckoo.hpl.hp.com>
Message-Id: <Pine.LNX.3.95.970326114709.10666E-100000@ns.viet.net>

>>Someone wrote: 

> >> Symetry would suggest that since we encourage/allow a UA to discard a
> >> cookie under the user's discretion, we should have an optional
> >> attribute
> >> which allows the server to stipulate one of the following:
> >> 
> >>   a.  Dont show the page if the user rejects the cookie
> >>   b.  Warn the user that if the cookie isn't accepted, the application
> >>       won't operate correctly (this is almost covered by the
> >>       comment/commentURL but its a different of message I think. Like
> >>       Windows allows a message box to be one of several types to
> >> reflect
> >>       the content, the significance of the comment to the user would
> >>       vary depending on the damage to the user's experience by
> >>       rejecting the cookie.

'b.' seems to be the open to same kind of 'hammer the user until they
yield' abuse some servers use today against people who refuse cookies.  a. 
is fine. If 'b.' is allowed at all, it should be on a 'show this to me
ONCE per session' basis. It was *deliberate* that the option for silent
cookie refusals was added to the specs. This appears to be an attempt to
subvert the intent of the 'silent refusal' aspect of the spec.

"Welcome To MegaCorp WebSite"

Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No
Want a cookie? No

"Welcome To MegaCorp WebSite"

Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No
Want a cookie (our site may not work right if you don't accept it)? No

Argh.

-- 
Benjamin Franz

Received on Wednesday, 26 March 1997 12:03:40 UTC