1996-08-07 - Re: Cookies on Microsoft Explorer?

Header Data

From: David.K.Merriman.-.webmaster@cygnus.com, “shellback.com” <merriman@amaonline.com>
To: cypherpunks@toad.com
Message Hash: 7699e7a7b3e5235dade822b89b5ffd0295d34e724b36c9019a8031ff9be052d6
Message ID: <199608061614.JAA06961@cygnus.com>
Reply To: N/A
UTC Datetime: 1996-08-07 04:57:31 UTC
Raw Date: Wed, 7 Aug 1996 12:57:31 +0800

Raw message

From: David.K.Merriman.-.webmaster@cygnus.com,       "shellback.com" <merriman@amaonline.com>
Date: Wed, 7 Aug 1996 12:57:31 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <199608061614.JAA06961@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, aeisenb@duke.poly.edu
Date: Tue Aug 06 11:14:00 1996
> Dave:
> 
> Thanks very much for responding.  Yes, MSIE3.0b2 does support cookies. 
>  I
> have several more questions based on your answer, if you have the time:
> 
> 1.  Does it ask you each time a cookie is sent?  Some sites send many,
> many cookies.  This would mean that you are in some instances constantly
> declining, even dozens of times.  Have I got this right?  

I have IE3 configured to ask me for permission to accept a cookie. Yes, 
some sites send (n!)+1 cookies during a session. If they send too many, I 
personally move on to another site, after sending them email (!).

> 
> 2.  Is "refuse-it-if-it-doesn't-expire" actually printed on the screen? 
>  I
> understand that some servers set short expiration times.  Does Netscape
> actually say, "tell us what expiration time you want?"  Or is it done
>  some
> other way?

Sorry for the confusion - the refuse-it policy I mentioned is a personal 
policy; there's no option (yet) to configure something like that in IE3. 
The only two things I've personally seen have been cookies with specific 
expiration dates (which I usually accept, if the date is reasonable 
[IMHO]), and cookies that don't display an expiration (which I refuse 
out-of-hand). It seems to be a compromise that suits _me_; YMMV.

> 
> 3.  If you can't automate, does this mean you have to refuse every
>  time?
> (This is, I guess, the same as question 1.)  Many, many thanks.

I can 'automate' to the extent of automatically accepting all cookies; yes, 
by not accepting every cookie, I'm obliged to make a decision for each 
request. One of the 'benefits' of being somewhate security-aware :-)

Dave

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome and encouraged. Visit my web site at
         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tClEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AbWV0cm9uZXQuY29tPokAlQMF
EC6sAl+SAziJlog3BQEBxX8D/05ub986Io1PaGJgDtVlbMOPh2pjdB3QSpA8T7bh
ngpsTbogz7LnFY6nLTH24dVswnzRGzX2XYN2FXQzYLEKpbuJPF85620EqEJt7eck
kDSr0MdCorCZ3ntHGlaRIEOG8En7r/NUxtPJSbeANHyKV0pZTJ0ZF3p71yAZoCU1
JJWoiQCVAwUQLqcRtKljmJBIq8VdAQFFCQQAidBWF05UfZ3HdLTZ2BjhkiztbHIL
fCMVAzMkNobRLH0jcQ+o4N9Ny7gAP2bHreadCYQAiyx24LWZaWB+LkG48vVXvSa1
Zv+ksrEp19U30jReTaDHMRg2IDQ0S7T/+YykWf4cx/L4x0ll55zfT29THWHVqpeA
4w0PnSBJubMsG6iJAJUCBRAt7mhNxWtO/Jg7MBkBAWyPA/9BYsA3G33jcg1SfuxC
Fh4yMVZCBrvgK2FBJZUdxkgR1WfVYe5/GzV3jRzJxuXGdt0yzFb8HsocRUvnA4vi
O6Jngza+seuc+dNC8X1LyyuW0rkogVZE6ds/v4qI2P+uticCh8xBLp7ieAjvGIcc
tdQnXrMxF+w6V80cSy/dqxJjtg==
=WVf6
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMga4f8VrTvyYOzAZAQFSHQP+PDyrhYPZ6AMVyTk3ZSvlyF3rba9Xn7jZ
iGk3hN/2yPwdk2Oyaf7NOsL6WyyFPQOvfYgOhgb2Q49EPfhmqmo5PkZLEqb16f35
otKOAcAdKwMxwcG8aS7zEBrT4zquGoVRHxldJhfv71PUWihpsIxc4ZJKed9q+uCq
DjkRUtAW+2U=
=s19M
-----END PGP SIGNATURE-----






Thread