W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: Should server beable to say NoCookie, No Show?

From: David W. Morris <dwm@xpasc.com>
Date: Wed, 26 Mar 1997 13:48:32 -0800 (PST)
To: Benjamin Franz <snowhare@netimages.com>
Cc: http working group <http-wg@cuckoo.hpl.hp.com>
Message-Id: <Pine.SOL.3.95.970326134254.2898H-100000@shell1.aimnet.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/2918

On Wed, 26 Mar 1997, Benjamin Franz wrote:

> >>Someone wrote: 
> > >> Symetry would suggest that since we encourage/allow a UA to discard a
> > >> cookie under the user's discretion, we should have an optional
> > >> attribute
> > >> which allows the server to stipulate one of the following:
> > >> 
> > >>   a.  Dont show the page if the user rejects the cookie
> > >>   b.  Warn the user that if the cookie isn't accepted, the application
> > >>       won't operate correctly (this is almost covered by the
> > >>       comment/commentURL but its a different of message I think. Like
> > >>       Windows allows a message box to be one of several types to
> > >> reflect
> > >>       the content, the significance of the comment to the user would
> > >>       vary depending on the damage to the user's experience by
> > >>       rejecting the cookie.
> 'b.' seems to be the open to same kind of 'hammer the user until they
> yield' abuse some servers use today against people who refuse cookies.  a. 
> is fine. If 'b.' is allowed at all, it should be on a 'show this to me
> ONCE per session' basis. It was *deliberate* that the option for silent
> cookie refusals was added to the specs. This appears to be an attempt to
> subvert the intent of the 'silent refusal' aspect of the spec.

Nope .... well I wrote the question/proposal and there is no such intent
.... what the intent is is to build more robust www applications. I have
no objection when/if this written is spec. language that how the warning
is delivered would be a UI issue. The current spec. is long on telling the
client that they must give the user flexibility but really short on
helping the user understand the implications of that flexibility.

And frankly, I consider clients and servers peers. If the client user is
silly enough to keep going back to a site and refusing the cookie then I
don't see why they shouldn't keep getting warned. That is the cost of
using the server. 

Dave Morris
Received on Wednesday, 26 March 1997 13:50:58 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:19 UTC