- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Sat, 11 Oct 2014 13:46:08 +0100
- To: "'David Singer'" <singer@apple.com>, "'Roy T. Fielding'" <fielding@gbiv.com>
- Cc: "'Nicholas Doty'" <npdoty@w3.org>, "'Tracking Protection Working Group'" <public-tracking@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > True, but the question of “how do I expire a UGE?” came up, and *one* way to > do it is to use a cookie. I think it may work acceptably well for some or many. Hardly anyone will do that, it is too complicated. > > Somehow we’ve got from “can I use a cookie as the timer to help me expire a > UGE?” to “can I rely on a cookie to record a UGE?”. The answer to the first is > yes, if you like. But it doesn’t give you the right to ignore the DNT header and > treat the cookie as definitive. > > If the DNT header comes as zero, and the cookie doesn’t arrive, then you > eyebrows go up and you probably re-confirm the exception and re-set the > cookie. You cannot re-confirm unless the resource returns html, and sometimes not even then. In my use case re-conformation is impossible. DNT will always be zero (because it will not be cancelled) , and the cookie is not there either a) it has expired or b) it was purged or c) it was never placed (the DNT:0 signalled a general preference). This is why it is hard to get software that relies on non-atomic states to work, and hardly anybody will try. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ Charset: utf-8 iQEcBAEBAgAGBQJUOSaPAAoJEHMxUy4uXm2JqmMH/iH7D6gvU1PNKg6tqVMTEFyW M9K6vaszmMiuuE1Gm+c5TY9j0ZXjPAHJuvBZnd9Uel01HSvvZJWFoOkinRTX0Gso K/p3wLugOI4phRdiT5IZ1Cmb+xtfoemXBglqAvZclwdYvREdNWHmFv9ibPlxu3fY PRBxHXRWaGF3Zpa42Y8PFm9wGL3/kv7+Ihx/r+/TiDNZpFvhC6K09NdCuYYnYU82 zlTBkr6Gn1A8mwmAsPLYf6ntZl1R18gdxnkVCUVnOD0d+DP6HZXFNrWGUFMUWf78 LC4VIm21rDFisK7yEVwf8igxDHVzns+DipjH740xdcFUQ7Rvtk4G/l0dmM78Skk= =1Bjy -----END PGP SIGNATURE-----
Received on Saturday, 11 October 2014 12:46:43 UTC