undefined | Better HN

0 pointsjefftk4y ago0 comments

The first cookie RFC, rfc2109 (1997), was even more conservative:

An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion... --https://datatracker.ietf.org/doc/html/rfc2109#section-7.1

0 comments

Too4y ago

Early versions of Internet Explorer used to follow this and prompt about cookie storage all the time, to everybody’s great annoyance. Eventually it defaulted to always allow.

Now with GDPR prompts we’ve come full circle, but instead get the UI of the web site instead of the user agent, allowing all kinds of dark patterns to be exploited and requiring re-prompts all the time for those of us who don’t allow the page to keep cookies in the agent.

j / k navigate · click thread line to collapse

0 pointsjefftk4y ago0 comments

The first cookie RFC, rfc2109 (1997), was even more conservative:

0 comments

Too4y ago

Early versions of Internet Explorer used to follow this and prompt about cookie storage all the time, to everybody’s great annoyance. Eventually it defaulted to always allow.

j / k navigate · click thread line to collapse