- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 10 Oct 2001 13:05:05 -0400
- To: <www-p3p-public-comments@w3.org>
- Cc: <mheins@redhat.com>
>I suggest a change in the specification that would encourage user agents to >allow setting of volatile cookies without a P3P statement on the site. A >volatile cookie, of course, is one which has no expiration date and therefore >is not valid after the user agent session is finished (usually upon exit of >the user agent software). Thank you for taking the time to send us your comments on the P3P1.0 specification. The working group discussed your suggestion. However, the group feels that it is important for web sites to explain the privacy practices around volatile (or session) cookies. These cookies may, in some cases, have important privacy-related consequences. It is, of course, up to each user agent implementation to decide how it will interact with cookies, and the P3P spec says very little about this. In particular, the spec does not say anything about allowing or not allowing cookies to be set. We do not think it is appropriate to add this to the spec, especially singling out volatile cookies. Regards, Lorrie Cranor P3P Specification Working Group Chair
Received on Wednesday, 10 October 2001 13:04:54 UTC