W3C home > Mailing lists > Public > www-html@w3.org > November 2001

Re: Is it OK to require per-session cookies?

From: Ethan J. Sudman <EthanSudman@home.com>
Date: Tue, 27 Nov 2001 14:06:12 -0600
Message-ID: <004601c1777e$f7194e60$6601a8c0@wkgn1.il.home.com>
To: Jonas Jørgensen <jonasj@jonasj.dk>, <www-html@w3.org>
Yes, I believe that it is acceptable. However, you should have a notice
somewhere that cookies are used (a lot of sites have a "privacy notice" or
something to that effect - you could put it in there), as your visitors will
be scandalized if they find out that you're using cookies without giving
them notice, and many people consider it to be an invasion of privacy to use
cookies without notifying them. Make sure that you'd put it in a logical
place, so that people can't blame you if they don't know that cookies are
being used.

Also note that cookies make some people uncomfortrible - they view cookies
as a sneaky way that companies use to take more information than is given.
They, of course, do not realize that cookies are nothing more than text
files, and so cannot mysteriously "gather" information about the person and
send it back to the company. They can only store what information is "given"
to them, not gather information on their own. Be sure to include a comment
about that in your privacy statement.

In spite of all the superstition about them, I think that cookies can, in
some cases at least, be beneficial - it makes it a lot easier to track
information about a customer, for one thing. And another thing, you can do
all kinds of cool things with them, like make each page customized to each
user (if you set it up right, and know JavaScript) and other cool things.

In any case, I wouldn't use them unless you have a good reason to. My web
site doesn't, even though I could track people a lot better with them (the
main reason that I don't is because I have no reason to need to know that
much about the people visiting my web site - all that I really need to know
is who's referring people to my web site and where people are coming from
and things like that, and I can find those out from the web server
statistics).

Hope this helps,
Ethan Sudman

----- Original Message -----
From: "Jonas Jørgensen" <jonasj@jonasj.dk>
To: <www-html@w3.org>
Sent: Sunday, November 25, 2001 8:37 AM
Subject: Is it OK to require per-session cookies?


> Hi.
>
> A quick question: Do you think it's acceptable to for e-commerce sites
> to require per-session cookies? It is so much easier to track users with
> a session cookie than to put the session id in every link and form...
>
> /Jonas
>
Received on Tuesday, 27 November 2001 15:04:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:49 GMT