waider ([personal profile] waider) wrote 2004-08-31 05:58 pm

maybe my role in life is to be cranky web guy

Hi. Your site uses cookies. That's nice. What I object to is the following:
  • One attempt to set cookies should be enough. It's easy to test if your cookie-setting succeeded, and if not, abandon any other attempts.
  • Blocking access because I don't have a cookie is okay if the site uses cookies for auth. If the site uses cookies in some other way that prevents me from using it, I am no longer happy with you and will take my reading elsewhere.
  • If you are blocking on a login, and you redirect me from where I wanted to go to your login page, you should be forwarding me right back to that page once I've accepted your cookie. You should not be leaving me at a generic login page (thank you, Washington Post) because I'll just not bother trying to relocate the page I was looking for.
  • That bit about one attempt? How about ONE COOKIE? If you give me a single cookie, you can stash it away on your site with any other information you need to keep about what I'm doing. You do not have to send me multiple cookies.
  • Wait, you do want to send me multiple cookies? How about not sending them from multiple servers? Are people still doing this "one server for images, one for CGI scripts, one for, oh, I don't know, exploiting Internet Explorer security holes"? It's annoying, it is. Can't you just set a single top-of-the-domain cookie, and use that to key everything else?
Sigh. I think it must be time to go home.
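
The login round trip and the single-cookie design asked for above, sketched as an added example that is not part of the original post or any site's real code. The names `SESSIONS`, `safe_return_path`, `require_login`, `complete_login`, the `sid` cookie and the `next` parameter are all assumptions; the return path is restricted to same-site paths so the "send me back" step cannot be abused as an open redirect.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import quote

SESSIONS = {}  # server-side state, keyed by the single opaque cookie value

def safe_return_path(target, default="/"):
    """Allow only a same-site absolute path as the post-login destination."""
    if (not target or not target.startswith("/") or target.startswith("//")
            or "\\" in target or any(ord(c) < 0x20 for c in target)):
        return default  # off-site or malformed: fall back, never redirect there
    return target

def require_login(path, cookie_header):
    """Return (status, headers) for a request to a login-protected path."""
    morsel = SimpleCookie(cookie_header or "").get("sid")
    if morsel is not None and morsel.value in SESSIONS:
        return 200, {}
    # Carry the requested page along instead of dropping the reader
    # at a generic login page.
    return 302, {"Location": "/login?next=" + quote(path, safe="")}

def complete_login(user, next_param):
    """After a successful login: one session, one cookie, back to the page.

    next_param is the already URL-decoded value of the `next` query parameter.
    """
    sid = secrets.token_urlsafe(32)
    # Preferences, tracking of what the reader is doing, etc. all live here,
    # so no second cookie is needed.
    SESSIONS[sid] = {"user": user, "prefs": {}}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Lax"
    return 302, {
        "Location": safe_return_path(next_param),
        "Set-Cookie": cookie["sid"].OutputString(),
    }
```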

[identity profile] boutell.livejournal.com 2004-08-31 12:05 pm (UTC)
> Why multiple cookies from multiple servers?

One of them is a grand central "keeping track of you" server that multiple sites use so that they can correlate their cookies and track your life. I think the major browsers have both taken steps to make this more difficult to accomplish.

[identity profile] ilanarama.livejournal.com 2004-08-31 03:23 pm (UTC)
Yeah, I recently got antsy about cookies and asked my browser to tell me about them. And today at one of my financial institutions I got a popup from my browser telling me that '[site] wants to set another cookie. You already have 14 cookies from this site.'

WTF?? Fourteen cookies? Geez, the only cookies that should come in numbers of a dozen or greater ought to be the edible ones.

[identity profile] waider.livejournal.com 2004-09-01 05:05 am (UTC)
Well, I can see that for cross-site correlation. However, there's no reason for foo.com to be handing me cookies from a.foo.com, b.foo.com, etc. since they should be able to correlate anything they like at the backend.

[identity profile] nothings.livejournal.com 2004-09-02 06:36 am (UTC)
Heehee.