Re: Removing CommentURL

    Although the commentURL attribute would provide a richer context for the cookie to be evaluated in, it is going a step too far.  The comment attribute is sufficient to explain a cookie's purpose.  If it is not, the cookie server can provide a url in the comment attribute that the user/UA can reference for further info. regarding the cookie.  I would consider it bad practice for the url the cookie server sends in the comment attribute to contain cookies, but, content providers can obviously do whatever they want.

    As long as the UA allows for examination of cookies, the user has complete control over what cookies he keeps. If the user allows a cookie to be set because he didn't have a commentURL available for evaluation before accepting the cookie, before he issues another request he can examine his cookies and visit any url in any comment attribute he wants. If at that point the user decides he doesn't want that cookie, he can delete it.

    I'm not convinced of the need for a separate header just so a url can be explicitly provided.

Judson Valeski - Netscape

Larry Masinter wrote:

> Since this argument seems to have convinced one person,
> I thought I would make it more broadly and see if I could convince
> someone else.
>                                                   -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Subject: Re: can't really be LAST CALL, "HTTP State Management Mechanism (Rev1) " to Propo
> Date: Wed, 23 Jul 1997 22:53:22 -0700
> From: Larry Masinter <>
> Organization: Xerox PARC
> To: "Joel N. Weber II" <>
> CC:
> References: <>
> I think that the problem is an important problem to solve, but that the
> proposal doesn't actually solve it, and is, in fact, impractical.
> > Effectively, showing the CommentURL merely involves going to a different
> > page, probably with a different set of cookies.  I don't see what's
> > really hard about it.  Is there something I'm missing?
> The proposal (CommentURL) is easy to implement. I am not claiming that
> it is 'hard'.
> I just think it is not very useful.
> > It is likely that at some point in the future I will implement a UA
> > which will support the CommentURL, and I would like the CommentURL
> > to be available.
> The fact that you would like this feature to be available doesn't
> actually address the question of whether the feature actually addresses
> the problem in a significant way.
> I don't think our adding CommentURLs in the protocol will actually help
> most users decide whether or not they want to accept cookies.
> That's why I'm opposed to the proposal: it makes the protocol more
> complicated while it won't actually be useful. It *could* be useful,
> there are *some* people for whom it will be useful, but it won't be
> useful in general, or generally used, most sites won't have CommentURLs,
> most clients won't have useful interactions with CommentURLs, and we'll
> have this extra widget in the protocol which doesn't actually do most
> people any good.
> Do you still disagree?
> Larry
> --

Received on Friday, 25 July 1997 13:36:17 UTC