Re: cookies and privacy

• To: seth@hygnet.com
• Subject: Re: cookies and privacy
• From: dmk@allegra.att.com (Dave Kristol)
• Date: Wed, 17 Jul 96 12:38:49 EDT
• Cc: www-security@ns2.rutgers.edu

  > I've just read this, and I apologize if this is the wrong forum for me to
  > make my comments.  The first thing I notice is that this draft maintains
  > the (IMO) absurd practice of deleting a cookie by expiring it into the
  > past.  Wouldn't it be better to remedy that now with a "delete-cookie:"
  > HTTP header?

There's generally a reluctance to add new HTTP headers.  Furthermore,
the original Netscape implementation used the expires-in-the-past
mechanism.  So for compatibility we did the same.

Dave Kristol

• Re: cookies and privacy
• From: "Seth I. Rich" <seth@hygnet.com>

• Previous: Re: cookies and privacy
• Next: Re:- cookies and privacy
• Index(es):
  • Index
  • Thread