Re: cookies and privacy
"Seth I. Rich" <seth@hygnet.com> wrote:
> > [dmk wrote:]
> > There's generally a reluctance to add new HTTP headers. Furthermore,
> > the original Netscape implementation used the expires-in-the-past
> > mechanism. So for compatibility we did the same.
>
> I'm not convinced by this argument, though. Yes, expires-in-the-past
> should work, for backwards compatibility. But if the "cookie" thing is
> going to be enshrined as a standard, shouldn't there be a -real- way to
> delete a cookie, one which doesn't depend on the time settings on the
> clients' machines?
Well, actually we (authors) partly agree. The I-D actually calls for a
Max-Age attribute for new cookies which is a delta and thus not
affected by client machines' clocks.
Dave Kristol
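
The clock dependence discussed in this thread, as an added example that is not part of the original message: a simplified model of a client deciding whether to keep a cookie after the server asks for its deletion, once with an expires-in-the-past date and once with a Max-Age delta. The cookie name `sid`, the dates, the clock offsets and the helper functions are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime


def parse_attrs(set_cookie: str) -> dict:
    """Split a Set-Cookie value into lower-cased attribute names and values."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:      # [0] is the name=value pair
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value
    return attrs


def client_keeps_cookie(set_cookie: str, client_now: datetime) -> bool:
    """True if a client whose clock reads client_now still stores the cookie."""
    attrs = parse_attrs(set_cookie)
    if "max-age" in attrs:                      # delta: client clock not consulted
        return int(attrs["max-age"]) > 0
    if "expires" in attrs:                      # absolute date: compared to client clock
        return parsedate_to_datetime(attrs["expires"]) > client_now
    return True                                 # no lifetime given: kept for the session


# Constructed scenario: the server wants to delete cookie "sid".
SERVER_NOW = datetime(2000, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
BY_EXPIRES = "sid=; Expires=" + format_datetime(SERVER_NOW - timedelta(hours=1), usegmt=True)
BY_MAX_AGE = "sid=; Max-Age=0"

CLIENTS = {
    "accurate clock": SERVER_NOW,
    "clock 3h slow": SERVER_NOW - timedelta(hours=3),
}


def simulate() -> dict:
    """Map (client, method) -> whether the cookie survives the delete request."""
    return {
        (label, method): client_keeps_cookie(header, now)
        for label, now in CLIENTS.items()
        for method, header in (("expires", BY_EXPIRES), ("max-age", BY_MAX_AGE))
    }


if __name__ == "__main__":
    for key, kept in simulate().items():
        print(key, "-> cookie kept" if kept else "-> cookie deleted")
```

On the client whose clock runs three hours slow, the expires-in-the-past date is still in that client's future, so a cookie the server meant to delete (a session identifier after logout, for instance) stays in the jar; the Max-Age form removes it on both clients.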