On Mon, Mar 10, 2008 at 6:15 AM, Michael Peters <[EMAIL PROTECTED]> wrote: > > I just use a URL encoded JSON cookie. I don't put anything sensitive in > there.
Is there a risk that this contributes to the bad reputation of cookies? One person puts stuff in a cookie and obfuscates it (presumably for a reason). Another encrypts it (presumably for a reason). There's no transparency for the user who isn't even asked if they accept this. To me, it sounds like the kind of thing that makes people disable cookies entirely (or, trust them too much and, before too long someone's definition of what's "not sensitive" and "satisfactory obfuscation" is incorrect). It seems like just storing a sessionID avoids all that. Is making the programming less complex worth falling into that category of cookie suspicion? Mark ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################