Re: http://www.w3.org/P3P/ -- Statement about volatile cookies

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 10 Oct 2001 13:05:05 -0400
Message-ID: <014401c151ad$b61b0260$3e06cf87@research.att.com>
To: <www-p3p-public-comments@w3.org>
Cc: <mheins@redhat.com>
>I suggest a change in the specification that would encourage user agents to
>allow setting of volatile cookies without a P3P statement on the site. A
>volatile cookie, of course, is one which has no expiration date and therefore
>is not valid after the user agent session is finished (usually upon exit of
>the user agent software).

Thank you for taking the time to send us your comments on the
P3P1.0 specification. The working group discussed your
suggestion. However, the group feels that it is important for
web sites to explain the privacy practices around volatile
(or session) cookies. These cookies may, in some cases,
have important privacy-related consequences. It is, of course,
up to each user agent implementation to decide how it will
interact with cookies, and the P3P spec says very little about this.
In particular, the spec does not say anything about allowing
or not allowing cookies to be set. We do not think it is appropriate
to add this to the spec, especially singling out volatile cookies.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair
Received on Wednesday, 10 October 2001 13:04:54 GMT