From: Alex Strasheim <cp@proust.suba.com>
To: alano@teleport.com (Alan Olsen)
Message Hash: 176e61d9f2133a6841f916d49bddabeeb65bb3b3853dd5aceb7f727e90a2f9ad
Message ID: <199602141634.KAA10099@proust.suba.com>
Reply To: <2.2.32.19960214024957.0076a27c@mail.teleport.com>
UTC Datetime: 1996-02-15 11:02:10 UTC
Raw Date: Thu, 15 Feb 1996 19:02:10 +0800
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 15 Feb 1996 19:02:10 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Netscrape's Cookies
In-Reply-To: <2.2.32.19960214024957.0076a27c@mail.teleport.com>
Message-ID: <199602141634.KAA10099@proust.suba.com>
MIME-Version: 1.0
Content-Type: text
> >>I'm curious if anyone knows which sites use/modify it.
> >AFAIK, the only site that uses it is *.netscape.com
>
> That is not quite true. There are other sites that use the cookies. (It is
> not very common though...)
A good place to read about cookies is http://www.illuminatus.com/cookie;
I think there are pointers to cgi/perl stuff that manipulates them.
Cookies are very helpful for database and commerce applications. I'm
using them for a crude online store, as a way to let the web server keep
track of who has what in their shopping basket. Another way to solve the
same problem (letting the server store state information) is to put data
in the urls. (ie., when you sign in, you get a page back that's
generated on the fly, and all the links in that page have a session id
embedded in the urls.)
Preserving state information is useful, and as it's been pointed out here,
the cookie only contains information that came from the web server in the
first place -- I don't see coookies as a major threat to privacy. You
could even argue the other side (somewhat unconvincingly), that cookies
let you put more applications under the netscape/ssl umbrella. As the web
grows more robust, a secure web means having stuff like secure
communications between workstations and db servers, etc. Cookies make it
easier to do db applications.
But in general, I'd like to see netscape adopt a system that lets people
know when information is going to be transmitted to a remote site. It's
easy to grab someone's email address by seting up a form with only hidden
fields and trick people into submitting it by mail by clicking on a
button. The ftp problem has been discussed here before, and addressed by
Netscape.
The best answer would probably be to use the kind of pop-up messages you
get when you're going to submit a secure or insecure form. "You're about
to send a cookie back to a web server, continue or abandon?" "You're
about to send mail from a web page, do you want to do that?" Give people
the ability to turn the messages off -- that way functionality isn't
impaired.
Return to February 1996
Return to “Alex Strasheim <cp@proust.suba.com>”