Re: Removing CommentURL
Judson Valeski (valeski@netscape.com)
Fri, 25 Jul 1997 13:33:16 -0700
Although the commentURL attribute would provide a richer context for =
the cookie to be evaluated in, it is going a step too far. The comment a=
ttribute is sufficient to explain a cookie's purpose. If it is not, the =
cookie server can provide a url in the comment attribute that the user/UA=
can reference for further info. regarding the cookie. I would consider =
it bad practice for the url the cookie server sends in the comment attrib=
ute to contain cookies, but, content providers can obviously do whatever =
they want.
As long as the UA allows for examination of cookies, the user has com=
plete control over what cookies he keeps. If the user allows a cookie to =
be set because he didn't have a commentURL available for evaluation befor=
e accepting the cookie, before he issues another request he can examine h=
is cookies and visit any url in any comment attribute he wants. If at tha=
t point the user decides he doesn't want that cookie, he can delete it.
I'm not convinced of the need for a separate header just so a url can=
be explicitly provided.
Judson Valeski - Netscape
Larry Masinter wrote:
> Since this argument seems to have convinced one person,
> I thought I would make it more broadly and see if I could convince
> someone else.
>
> ---------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
-------------------------------------------------------------------------=
--
>
> Subject: Re: can't really be LAST CALL, "HTTP State Management Mechanis=
m (Rev1) " to Propo
> Date: Wed, 23 Jul 1997 22:53:22 -0700
> From: Larry Masinter <masinter@parc.xerox.com>
> Organization: Xerox PARC
> To: "Joel N. Weber II" <devnull@gnu.ai.mit.edu>
> CC: dmk@bell-labs.com
> References: <199707240147.VAA23530@mescaline.gnu.ai.mit.edu>
>
> I think that the problem is an important problem to solve, but that the=
> proposal doesn't actually solve it, and is, in fact, impractical.
>
> > Effectively, showing the CommentURL merely involves going to a differ=
ent
> > page, probably with a different set of cookies. I don't see what's
> > really hard about it. Is there something I'm missing?
>
> The proposal (CommentURL) is easy to implement. I am not claiming that
> it is 'hard'.
> I just think it is not very useful.
>
> > It is likely that at some point in the future I will implement a UA
> > which will support the CommentURL, and I would like the CommentURL
> > to be available.
>
> The fact that you would like this feature to be available doesn't
> actually address the question of whether the feature actually addresses=
> the problem in a significant way.
> I don't think our adding CommentURLs in the protocol will actually help=
> most users decide whether or not they want to accept cookies.
>
> That's why I'm opposed to the proposal: it makes the protocol more
> complicated while it won't actually be useful. It *could* be useful,
> there are *some* people for whom it will be useful, but it won't be
> useful in general, or generally used, most sites won't have CommentURLs=
,
> most clients won't have useful interactions with CommentURLs, and we'll=
> have this extra widget in the protocol which doesn't actually do most
> people any good.
>
> Do you still disagree?
>
> Larry
> --
>
> http://www.parc.xerox.com/masinter