W3C home > Mailing lists > Public > www-p3p-policy@w3.org > August 2001

Re: expiry changes / cookie events

From: Sebastian Kamp <kamp@ti.informatik.uni-kiel.de>
Date: Fri, 3 Aug 2001 17:28:34 +0200
To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
Message-Id: <0108031728340X.07894@rosmarin>

On Wednesday 01 August 2001 20:27, Lorrie Cranor wrote:
> ...
> These changes eliminate the use of
> HTTP headers for determining policy and policy reference
> file expiry, move the EXPIRY element to be a child of
> the POLICIES element, and clarify the meaning of expiry.
> In addition, we will change sections 3.2.1 and 3.2.2 to
> move the EXPIRY element to be a child of the POLICIES
> element instead of the POLICY element (and update
> the DTD and schema accordingly).

Is it correct that the only way then to associate a lifetime to a policy 
(other than 24-hours) is by putting it into a POLICIES element?
If this was true, I'd find it somehow inconvenient.

> ...
> user agents MUST use only non-expired policies
> and policy reference files when evaluating new set-cookie events."

This is confusing. Maybe I am wrong, but isn't setting a cookie (or rather 
letting it set) is actually harmless? I think sending a cookie (back to the 
domain which set it) is the crucial moment. The policies and policy 
references involved should not be expired the moment we *send* a cookie.
Since there could elapse quite a period of time between these two events, I 
think this is an important difference.

Sebastian Kamp
Received on Friday, 3 August 2001 11:30:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:07 UTC