- From: Jeremey Barrett <jeremey@veriweb.com>
- Date: Thu, 6 Feb 1997 12:40:44 -0800 (PST)
- To: ruby@name.net
- CC: www-talk@w3.org
- Cc: jeremey@veriweb.com
-----BEGIN PGP SIGNED MESSAGE----- > As a WWW developer since 1994, I was relieved by the arrival of > cookies as a client state storage mechanism. No longer would I degrade > performance or double app development time by having a dozen HTML files > returned by a separate CGI, merely to preserve the PATH_INFO or QUERY_STRING > stored state in every URL embedded in the returned file, just to preserve > the user's entered name from the first application page to the last, where > we say "Goodbye, <name>.". Then we began to use cookies to store Java applet > state between invocations. Client state storage is now a cornerstone for > most serious applications. Suggestions from the UA that the user turn off > cookies for "security" merely break these apps, while keeping failing to > keep any info "private". Misinformation about the privacy risks of cookies is very damaging to the many legitimate applications that require them. However, I know of _no_ case where as an application developer or a user I would want a user-agent to send cookies to a domain that does not match that of the enclosing document. This should be configurable of course, perhaps with the ability to block cookies to particular sites. Maintaining privacy does _not_ break legitimate apps, in fact it makes them less likely to break. Currently, many people turn off cookies altogether in fear of the privacy risks. Certainly that will break cookie-requiring apps. - -- =-----------------------------------------------------------------------= Jeremey Barrett VeriWeb Internet Corp. Senior Software Engineer http://www.veriweb.com/ PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64 =-----------------------------------------------------------------------= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMvpByi/fy+vkqMxNAQFOwwP/V3OlxdLz7lSH3Xz+31+GvKuTPHd2bzX/ qNVyjAI+xpGI3NQBvB4ewCLSDQX4eyR+coJU7oFpJt7nnDJjpWxBUwWadmiO8VzI hj7laiSR/w6XlyiopSBprorWo2bPUOHoT9GZjaHr6hanLMk0JCgHHF/C4mxqZlSW iFXWzmnZU0Y= =DKrt -----END PGP SIGNATURE-----
Received on Thursday, 6 February 1997 15:41:00 UTC