Re: Removing CommentURL

 

On Fri, 25 Jul 1997, Judson Valeski wrote:

>     Although the commentURL attribute would provide a richer context for the cookie to be evaluated in, it is going a step too far.  The comment attribute is sufficient to explain a cookie's purpose.  If it is not, the cookie server can provide a url in the comment attribute that the user/UA can reference for further info. regarding the cookie.  I would consider it bad practice for the url the cookie server sends in the comment attribute to contain cookies, but, content providers can obviously do whatever they want.
> 
>     As long as the UA allows for examination of cookies, the user has complete control over what cookies he keeps. If the user allows a cookie to be set because he didn't have a commentURL available for evaluation before accepting the cookie, before he issues another request he can examine his cookies and visit any url in any comment attribute he wants. If at that point the user decides he doesn't want that cookie, he can delete it.
> 
>     I'm not convinced of the need for a separate header just so a url can be explicitly provided.

First it is not a separate header, only an attribute associated with a 
cookie. Secondly, has has been pointed out, there is no
internationalization support in the comment, thirdly the ability to stick
a URL in comment text ... so what?  If commenturl is a supported
attribute, service implementors at least have a hint that providing a
URL is desirable.  UA implementors know that actually implementing 
URL clicking is expected ... suppose the comment includes a URL, do
you then expect the user to open a new UA window and cut and paste the
value or do you propose that UA's be required to recognize a URL 
in the comment text and make it clickable ... that is a more complex
implementation than what we've proposed and it has all the same worries
about nested cookies, etc.

> 
> Judson Valeski - Netscape
>

Received on Saturday, 26 July 1997 11:07:20 UTC