- From: Ben Laurie <ben@algroup.co.uk>
- Date: Mon, 11 Aug 1997 08:50:53 +0100
- To: Shel Kaphan <sjk@amazon.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Shel Kaphan wrote: > > Fact: some people hate cookies. They keep telling their browsers not to > accept them. > > A simple-minded way to write some kinds of server-side applications is > to make sure a browser has a cookie by re-issuing it under certain > conditions, such as not receiving a cookie header in the request. > It's annoying to have to have server side state to indicate whether > you think you've already sent someone a cookie, in order to avoid > annoying a user who may be deliberately rejecting cookies. > > Shouldn't there be something in the cookie-related part of the protocol > so a client can tell a server not to send a certain cookie? It would > be nice if it could specified at the level of a particular cookie, so > a user could be particular about which ones to accept and reject. > > Then, if a user told a browser not to accept a cookie, the browser > could include a header line on subsequent requests whose meaning would > be something like "Hey! Remember that cookie you tried to send me? > Well, don't!" > > I'm not proposing a specific implementation - just wondering if > there's any reaction here to such a thought. Isn't this rather self-defeating? This mechanism could then be used instead of the cookie. Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 994 6435|Apache Group member Freelance Consultant |Fax: +44 (181) 994 6472|http://www.apache.org and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author A.L. Digital Ltd, |http://www.algroup.co.uk/Apache-SSL London, England. |"Apache: TDG" http://www.ora.com/catalog/apache
Received on Monday, 11 August 1997 00:53:41 UTC