Re: Removing CommentURL

David W. Morris wrote:

> What you propose guarantees that users will never look at the information
> about cookies.  How do you expect them to find the information on
> Netscape's or IBM's or Micorsoft's sites. The commentURL provides the
> connection.  Otherwise it's a giant adventure game.

I don't know that I've proposed any "guarantees."  What I was getting at was
that perhaps content providers should be the ones supplying this link to
information about the cookies they're setting. I don't know/care how they
would do it (maybe always having a comment URL hyper-link at the bottom of a
stateful page or something), the point I was making is that maybe it should be
their responsibility, not ours.

Regarding the possibility of further cookies being sent/set when a request for
a comment URL is made...
I would like to reiterate that I would consider it bad practice for a content
provider to associate cookies with a comment URL, but well within their
rights. If a comment URL is designed to describe the cookies associated with
other urls, that should be its only purpose. I see no need to be
sending/setting cookies with a comment URL; doing so unnecessarily opens a can
of worms. However, I consider two reactions to this possibility:

1. Business as usual. If the request to a comment URL is made and a set-cookie
header is in the response, so be it, the UA takes no action and treats the
comment URL like any other. If the user finds himself spinning down a spiral
of cookie approvals via comment URLs, he can enjoy the ride, or get off.

2. No cookies will be sent or set when a comment URL is in question. The UA
knows this given url is a comment URL and doesn't send any cookies with the
request for it, nor does it allow any cookies to be set when receiving the

UA reaction #1 is most likely to be implemented, not because #2 is difficult
by any means, but, because the comment URL is after all simply a url like any

Judson Valeski

Having said that, correct behavior when a request for a comment URL goes out
will to not

>From the UA's perspective I'm inclined

> Dave Morris

Received on Sunday, 27 July 1997 12:50:31 UTC