- From: Koen Holtman <koen@win.tue.nl>
- Date: Thu, 24 Jul 1997 20:33:07 +0200 (MET DST)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: dwm@xpasc.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Dave Kristol:
> [...]
>Does this wording express it adequately?:
>
>If the user agent allows the user to follow the [CommentURL] link [as
>part of a cookie inspection user interface], it should neither send nor
>accept a cookie until the user has completed the inspection.

I think the approach to solving this problem is wrong: the burden of ensuring that the commentURL mechanism does not lead to user-unfriendly or recursive situations should be on the server side.

I propose something like this:

  Servers SHOULD ensure that the user can visit the information pointed to by the commentURL without causing the user agent to receive additional Set-Cookie2 headers.

  User agents SHOULD guard against the entering of infinite loops due to the commentURL mechanism, and MAY do this by disabling cookie processing when the commentURL is visited.

>Dave Kristol

Koen.
Received on Thursday, 24 July 1997 11:38:02 UTC
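
The two recommendations in the message above, modeled as an added example (not part of the original message or of any specification text): a toy user agent whose inspection step follows the CommentURL, run with and without the loop guard, plus a server-side check for comment pages that set cookies themselves. The `SITE` table, the `UserAgent` class and all paths are constructed for illustration.

```python
# Constructed sample site: every page, including the comment pages, answers
# with a Set-Cookie2 header whose CommentURL points at another cookie-setting page.
SITE = {
    "/shop":      {"name": "session", "comment_url": "/privacy-a"},
    "/privacy-a": {"name": "track_a", "comment_url": "/privacy-b"},
    "/privacy-b": {"name": "track_b", "comment_url": "/privacy-a"},
}

class UserAgent:
    """Toy model of a user agent with a cookie inspection step (hypothetical)."""

    def __init__(self, guard, max_depth=10):
        self.guard = guard          # True: disable cookie processing during inspection
        self.max_depth = max_depth  # stand-in for the user giving up on nested prompts
        self.jar = {}
        self.inspections = 0
        self.inspecting = False

    def fetch(self, url, depth=0):
        cookie = SITE.get(url)
        if cookie is None:
            return
        if self.guard and self.inspecting:
            return  # guard: Set-Cookie2 is ignored while the CommentURL is visited
        if depth >= self.max_depth:
            raise RecursionError("CommentURL inspection loop at " + url)
        self.inspections += 1       # user opens the inspection UI for this cookie
        previous, self.inspecting = self.inspecting, True
        try:
            self.fetch(cookie["comment_url"], depth + 1)  # user follows CommentURL
        finally:
            self.inspecting = previous
        self.jar[cookie["name"]] = url  # inspection finished, cookie accepted

def run(guard):
    """Visit /shop and report (outcome, number of inspections, cookies stored)."""
    ua = UserAgent(guard)
    try:
        ua.fetch("/shop")
    except RecursionError:
        return ("loop", ua.inspections, sorted(ua.jar))
    return ("ok", ua.inspections, sorted(ua.jar))

def comment_urls_that_set_cookies(site):
    """Server-side check: CommentURL targets that themselves send Set-Cookie2."""
    return sorted({c["comment_url"] for c in site.values() if c["comment_url"] in site})

if __name__ == "__main__":
    print(run(guard=False), run(guard=True), comment_urls_that_set_cookies(SITE))
```

Without the guard the inspection never completes and no cookie is stored; with it the user sees one prompt, and the server-side check lists the comment pages the site operator would need to fix.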