W3C home > Mailing lists > Public > public-appformats@w3.org > February 2008

Re: To cookie or not to cookie

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 26 Feb 2008 13:08:39 +0100
To: "Brad Porter" <bwporter@yahoo.com>, "Daniel Veditz" <dveditz@mozilla.com>
Cc: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>, "Window Snyder" <window@mozilla.com>, "Brandon Sterne" <bsterne@mozilla.com>, "Jesse Ruderman" <jruderman@gmail.com>
Message-ID: <op.t64r0pdp64w2qv@annevk-t60.oslo.opera.com>

On Sat, 23 Feb 2008 23:02:37 +0100, Brad Porter <bwporter@yahoo.com> wrote:
> The intention is to cripple the access-control functionality by  
> eliminating cookies in order to prevent site authors from injuring  
> themselves, thus eliminating a large class of valid use cases but  
> preventing site-authors from leaking their own user-specific data  
> covered by their own privacy policy.

I'd like to see an update on this from the Mozilla folks. I think if  
cookies are not part of the request we should simply nuke the whole idea.


One thing that might be worth considering is adopting the policy Safari  
and Internet Explorer have for cookies. That is not accepting third-party  
cookies, but always including cookies in the request. Then again, there  
are already tracking methods without cookies and are actively being used  
(Hixie pointed out paypal + doubleclick on IRC) so I'm not sure whether  
complicated cookie processing models are worth it at all.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 26 February 2008 12:04:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 February 2008 12:04:57 GMT