[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Re: Cookies at XML Europe 2004 -- Call for Participation

• To: "'Joshua Allen'" <joshuaa@m...>, "'Rich Salz'" <rsalz@d...>, "'Elliotte Rusty Harold'" <elharo@m...>
• Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: "Bob Wyman" <bob@w...>
• Date: Mon, 5 Jan 2004 17:34:30 -0500
• Cc: "'Edd Dumbill'" <edd@u...>, "'David Kunkel'" <DKunkel@i...>, "'XML-DEV'" <xml-dev@l...>
• Importance: Normal
• In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@R...>
• Reply-to: <bob@w...>

Joshua Allen wrote:
> The login token stored in the cookie 
> can always be embedded in the URL path,
	One of the original motivations for doing cookies was to
remove "state information" from the URL so that it wouldn't compromise
privacy by showing up in referral string information. If you embed
"cookies" in URL's you end up leaking private data between sites. This
is not good.
	See www-talk archives for 1994 or so to see the discussions on
"state management" (i.e. cookies).

		bob wyman

• References:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: "Joshua Allen" <joshuaa@m...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by Date: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread