RE: Should server beable to say NoCookie, No Show?

Yaron Goland (yarong@MICROSOFT.com)
Wed, 26 Mar 1997 12:20:03 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff de la Beaujardiere: "Re: HTTP Connection Management (draft-ietf-http-connection-00.txt)"
Previous message: Benjamin Franz: "RE: Should server beable to say NoCookie, No Show?"

Not to get back on an old horse, but - what right have we to tell a site
how to structure itself? If a site wants to send 10,000 warnings, that
is the site's business, not ours. Its like T.V., if you don't like the
content, change the channel.
		Yaron

> -----Original Message-----
> From:	Benjamin Franz [SMTP:snowhare@netimages.com]
> Sent:	Wednesday, March 26, 1997 11:57 AM
> To:	http working group
> Subject:	RE: Should server beable to say NoCookie, No Show?
> 
> >>Someone wrote: 
> 
> > >> Symetry would suggest that since we encourage/allow a UA to
> discard a
> > >> cookie under the user's discretion, we should have an optional
> > >> attribute
> > >> which allows the server to stipulate one of the following:
> > >> 
> > >>   a.  Dont show the page if the user rejects the cookie
> > >>   b.  Warn the user that if the cookie isn't accepted, the
> application
> > >>       won't operate correctly (this is almost covered by the
> > >>       comment/commentURL but its a different of message I think.
> Like
> > >>       Windows allows a message box to be one of several types to
> > >> reflect
> > >>       the content, the significance of the comment to the user
> would
> > >>       vary depending on the damage to the user's experience by
> > >>       rejecting the cookie.
> 
> 'b.' seems to be the open to same kind of 'hammer the user until they
> yield' abuse some servers use today against people who refuse cookies.
> a. 
> is fine. If 'b.' is allowed at all, it should be on a 'show this to me
> ONCE per session' basis. It was *deliberate* that the option for
> silent
> cookie refusals was added to the specs. This appears to be an attempt
> to
> subvert the intent of the 'silent refusal' aspect of the spec.
> 
> "Welcome To MegaCorp WebSite"
> 
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> Want a cookie? No
> 
> "Welcome To MegaCorp WebSite"
> 
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> Want a cookie (our site may not work right if you don't accept it)? No
> 
> Argh.
> 
> -- 
> Benjamin Franz
>

Next message: Jeff de la Beaujardiere: "Re: HTTP Connection Management (draft-ietf-http-connection-00.txt)"
Previous message: Benjamin Franz: "RE: Should server beable to say NoCookie, No Show?"