Re: a positive "no thanks" to cookies?

Shel Kaphan wrote:
> Fact: some people hate cookies.  They keep telling their browsers not to
> accept them.
> A simple-minded way to write some kinds of server-side applications is
> to make sure a browser has a cookie by re-issuing it under certain
> conditions, such as not receiving a cookie header in the request.
> It's annoying to have to have server side state to indicate whether
> you think you've already sent someone a cookie, in order to avoid
> annoying a user who may be deliberately rejecting cookies.
> Shouldn't there be something in the cookie-related part of the protocol
> so a client can tell a server not to send a certain cookie?  It would
> be nice if it could specified at the level of a particular cookie, so
> a user could be particular about which ones to accept and reject.
> Then, if a user told a browser not to accept a cookie, the browser
> could include a header line on subsequent requests whose meaning would
> be something like "Hey! Remember that cookie you tried to send me?
> Well, don't!"
> I'm not proposing a specific implementation - just wondering if
> there's any reaction here to such a thought.

Isn't this rather self-defeating? This mechanism could then be used
instead of the cookie.



Ben Laurie            |Phone: +44 (181) 994 6435|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 994 6472|
and Technical Director|Email: |Apache-SSL author
A.L. Digital Ltd,     |
London, England.      |"Apache: TDG"

Received on Monday, 11 August 1997 00:53:41 UTC