- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 22 Jun 2011 16:23:54 +1000
- To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
- Cc: Willy Tarreau <w@1wt.eu>, httpbis Group <ietf-http-wg@w3.org>
Again -- this is NOT recommending how large people should make cookies, but recommending a floor for implementations to support, to improve interop. On 22/06/2011, at 4:23 PM, Poul-Henning Kamp wrote: > In message <20110622060021.GE18843@1wt.eu>, Willy Tarreau writes: > >> As we discussed one month ago on this subject, shouldn't we recommend even >> smaller sizes ? > > I agree for four reasons: > > 1. Storing information in cookies are by definition unsafe and a > privacy problem. Cookies should primarily be used for anonymous > nonces which index server side storage. > > 2. Transmission and bandwidth waste. > > 3. Cookies represent inverse economics: It's the webserver which > controls their size, but the client pays for the bandwidth. > > 4. This is not a cookie: > > http://forums.techarena.in/off-topic-chat/1055039.htm > > Poul-Henning > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. -- Mark Nottingham http://www.mnot.net/
Received on Wednesday, 22 June 2011 06:24:21 UTC