xml-dev - RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

[ Lists Home | Date Index | Thread Index ]

To: "'Joshua Allen'" <joshuaa@microsoft.com>, "'Rich Salz'" <rsalz@datapower.com>, "'Elliotte Rusty Harold'" <elharo@metalab.unc.edu>
Subject: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
From: "Bob Wyman" <bob@wyman.us>
Date: Mon, 5 Jan 2004 17:34:30 -0500
Cc: "'Edd Dumbill'" <edd@usefulinc.com>, "'David Kunkel'" <DKunkel@idealliance.org>, "'XML-DEV'" <xml-dev@lists.xml.org>
Importance: Normal
In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@RED-MSG-43.redmond.corp.microsoft.com>
Reply-to: <bob@wyman.us>

Joshua Allen wrote:
> The login token stored in the cookie 
> can always be embedded in the URL path,
	One of the original motivations for doing cookies was to
remove "state information" from the URL so that it wouldn't compromise
privacy by showing up in referral string information. If you embed
"cookies" in URL's you end up leaking private data between sites. This
is not good.
	See www-talk archives for 1994 or so to see the discussions on
"state management" (i.e. cookies).

		bob wyman

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Previous by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread