Re: I-D ACTION:draft-ietf-http-state-mgmt-03.txt, .ps

lentz@annie.astro.nwu.edu wrote:
|Yet I would also like for the cookie to disappear after one person's
|"use" of the client, whether this be signified by an actual quitting of
|the client program, closing the browsing window, switching user environment,
|etc.

This is not a protocol issue, rather an implementation issue.  I'd recommended
the following language regarding the tossing of cookies that didn't make it
into the draft:

+If a browser has a kiosk mode for use as a public terminal, and is configured
+to accept cookies, then the user agent should be configurable to clear its
+cookie cache (and any other per-user authentication data), either by an
+explicit user "log out" command or by a timeout mechanism.

There is enough complexity to the unaddressed issues of cookie privacy that
aren't appropriate to the protocol specification that an informational document
on cookie practice is probably a good idea.

-marc

Received on Wednesday, 24 July 1996 12:36:14 UTC
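
The clearing behaviour proposed in the message above, sketched as an added example that is not part of the original message or of the draft: per-user cookies and cached credentials are purged either by an explicit log out or once an idle timeout has passed. The class name `KioskSession`, the 300-second timeout, and the `shop.example` cookie and credentials are constructed for illustration.

```python
import time
import urllib.request
from http.cookiejar import Cookie, CookieJar


class KioskSession:
    """Per-user state on a public terminal: cookies plus cached credentials."""

    def __init__(self, idle_timeout=300.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed (assumed value)
        self._clock = clock               # injectable so the timeout can be tested
        self.cookies = CookieJar()
        self.credentials = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        self._last_activity = clock()

    def log_out(self):
        """Explicit "log out": drop every cookie and every cached credential."""
        self.cookies.clear()  # no arguments: removes all cookies, session ones included
        self.credentials = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        self._last_activity = self._clock()

    def expire_if_idle(self):
        """Timeout mechanism: purge state once the idle limit has been reached."""
        if self._clock() - self._last_activity >= self.idle_timeout:
            self.log_out()
            return True
        return False

    def touch(self):
        """Call on each user action; purges first if the previous user timed out."""
        self.expire_if_idle()
        self._last_activity = self._clock()


def sample_cookie(name, value, domain="shop.example"):
    # Constructed session cookie (discard=True, no expiry) for the demonstration.
    return Cookie(0, name, value, None, False, domain, True, False,
                  "/", True, False, None, True, None, None, {})


def demo():
    now = [0.0]  # fake clock, advanced by hand
    s = KioskSession(idle_timeout=300, clock=lambda: now[0])
    s.cookies.set_cookie(sample_cookie("SID", "constructed-value"))
    s.credentials.add_password(None, "http://shop.example/", "alice", "constructed-pw")
    now[0] = 299.0
    s.touch()                      # same user, still inside the idle limit
    kept = len(s.cookies)
    now[0] = 599.0
    s.touch()                      # next person arrives 300 s later
    return kept, len(s.cookies), s.credentials.find_user_password(None, "http://shop.example/")
```

The timeout here is only evaluated on the next user action; a kiosk would also run `expire_if_idle()` from a timer so the state is gone before anyone sits down.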