Re: cookies and privacy

• To: www-security@ns2.rutgers.edu
• Subject: Re: cookies and privacy
• From: "David W. Morris" <dwm@shell.portal.com>
• Date: Tue, 16 Jul 1996 12:48:51 -0700 (PDT)
• In-Reply-To: <199607161613.JAA09124@jobe.shell.portal.com>

On Tue, 16 Jul 1996, Hal wrote:

> Then sites which are using them to distinguish your shopping cart from
> others can ask you to shift-click when you choose the "buy" button so
> that your cookie will be sent and it can add it to your list as
> distinguished from everyone else's.  But when you are just browsing
> around, your privacy is protected because no cookies are sent.
> 
> I think this would put control over the whole cookie situation back into
> user's hands.  I don't think there are many legitimate situations where
> cookies have to be sent all the time like they are now.  Too much is
> going on behind the user's back.  Let's make it more visible and put it
> under his control.

The problem with your suggestion is that it makes creation of a pseudo
session impossible where the cookie is used to carry the identification
of the session. The current generation of WEB authentication mechanisms
are quite lacking when it comes to integration of a login concept to
an interaction and then tracking the logical session which has been
logged in.

The restriction someone else proposed about only returning cookies to the
'base' URL host site but not for images might work into a good solution.

Dave Morris

• Re: cookies and privacy
• From: Hal <hfinney@shell.portal.com>

• Previous: Re: cookies and privacy
• Next: C programming
• Index(es):
  • Index
  • Thread