On Sat, 23 Feb 2008 23:02:37 +0100, Brad Porter <[EMAIL PROTECTED]> wrote:
The intention is to cripple the access-control functionality by eliminating cookies in order to prevent site authors from injuring themselves, thus eliminating a large class of valid use cases but preventing site-authors from leaking their own user-specific data covered by their own privacy policy.
I'd like to see an update on this from the Mozilla folks. I think if cookies are not part of the request we should simply nuke the whole idea.
One thing that might be worth considering is adopting the policy Safari and Internet Explorer have for cookies. That is not accepting third-party cookies, but always including cookies in the request. Then again, there are already tracking methods without cookies and are actively being used (Hixie pointed out paypal + doubleclick on IRC) so I'm not sure whether complicated cookie processing models are worth it at all.
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
