ACTION-660: Input to BP2, on Use of Cookies and Redirection from Sullivan, Bryan on 2008-02-15 (public-bpwg@w3.org from February 2008)

From: Sullivan, Bryan <BS3131@att.com>
Date: Fri, 15 Feb 2008 10:41:04 -0800
To: "BPWG-Public" <public-bpwg@w3.org>
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD05D94002@BD01MSXMB015.US.Cingular.Net>

Hi all,

This is one of a series of emails addressing ACTION-660. This thread
will address the requirements and recommendations for Use of Cookies and
Redirection in BP2.

Here is the current editor's draft text in the Requirements (2) and Best
Practice Statements (5) sections:
+++++
2.4 Use of cookies and redirection
HTTP cookies and redirection fulfill useful purposes in the mobile
context. Cookies support statefulness and personalization in browsers,
two considerations which can simplify the user experience and add value
to content and services. Redirect supports server-server interaction via
the browser, which is often essential for distributed services which
rely upon partitioning of service functions across different servers.

As compared to their use for web browser applications, cookies and
redirect may play less of a role in maintaining statefulness and
personalization for for web applications in general.
Application-specific methods may be used, and may include use of more
advanced technologies that are not available to some browsers. However,
support for statefulness and personalization will still need to consider
similar issues, e.g. state preservation/recovery and traffic overhead.
As well, distributed services may still rely upon redirect for web
applications.

The overall goal is to set reasonable expectations on the impact for use
of cookies and redirect in service delivery to browsers and web
applications, and to address alternatives for maintaining statefulness
and personalization.

5.4 Use of cookies and redirection
If personalized services use cookies, they should be capable of
recovering the cookie-based information without requiring user
information reentry, e.g. if the user-agent cookie cache is cleared.

If achieving personalization via redirect-based APIs, personalized
services should use redirect in an efficient manner to reduce latency
and data overhead, and require no more than two redirects to obtain the
necessary information. 
+++++

[bryan] These recommendations address one of the key limitatons in BP1,
the assertion that cookies and redirect are *bad* techniques to use in
the mobile environment. While they do have consequences (like
excessively large web pages), they also have values derived directly
from their purpose and common use for web applications in the wired web.

Best regards,
Bryan Sullivan | AT&T

Received on Friday, 15 February 2008 18:42:05 UTC