Hi,

http://lcamtuf.blogspot.com/2010/10/http-cookies-or-how-not-to-design.html
Full of interesting tidbits, e.g.:
"[There] is simply no accurate, official account of cookie behavior in modern browsers; the two relevant RFCs, often cited by people arguing on the Internet, are completely out of touch with reality."
The author also explains why some of the security issues associated with cookies aren't going to go away any time soon. The article also shows how the ideal of a lean, stripped-down browser isn't possible beyond certain limits because of all the special cases (with cookies at least) which have to be handled.
Finally, some troubling patterns are suggested with the HTML5 spec - there is a sense of history possibly repeating.
All the best,
Grant

--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
