[nycphp-talk] P3P and MSIE6 cookies

Analysis & Solutions danielc at
Tue Feb 4 21:09:01 EST 2003

Hi Chris and Chris:

First, let me thank Chris Shiflett for posting the P3P information.  I 
wasn't aware of this initiative.  While it's not an issue for me right 
now, I know it will become one, as the browsers which implement this 
platform become more widely used and the users understand what they can 
do.  So, I implemented it.  Folks curious to see a valid setup can check 

On Tue, Feb 04, 2003 at 03:43:58PM -0500, Chris Snyder wrote:
> While it's true that URI query strings may be superior to cookies for 
> passing session information, what happens when a user copy-and-pastes 
> the URL into an email client and sends it to their friends?

To me, session handling is appropriate for situations where you need to
keep track of what the person is doing.  For example, as they're filling
a shopping basket.  So, in this case, is someone really going to send a
friend an email link to go examine their own cart?

Even if they do, sessions end due to timeout or task completion.  So, the
chances of that friend going to the URI in question while the session in 
question is still active are quite low.

And, heaven forbid, the friend comes for a visit too soon, the session
handler might be able to distinguish them via referrers and user agents,
if they differ between the two users.

Bookmarks and links sent to friends generally are to pages that don't 
have anything to do with sessions.  Implementing sessions on such pages 
is wasteful.

On Tue, Feb 04, 2003 at 03:44:49PM -0500, Chris Shiflett wrote:
> His question actually had nothing to do with client-side
> scripting. Cookies are more of a protocol-level thing, even
> though the data does reside on the client.

Yes, I realized that.  I used the phrase "client side programming" to 
broadly mean all technology which relies upon the browser to do anything 
beyond show the text/images and follow links which are clicked on.

On Tue, Feb 04, 2003 at 03:52:16PM -0500, Chris Shiflett wrote:
> Client data, whether form variables, URL variables, or
> cookies, can be easily modified.

Which brings up the point of how important it is to validate all
incoming data.  But that's a WHOLE different ball of wax... as folks who
remember my first thread after joining this list recall. :)



               PHP classes that make web design easier  | |
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
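
The idle timeout and user-agent check described in the message above, sketched as an added PHP example that is not part of the original post. The SessionStore class, the 900-second idle limit and the sample user-agent strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store standing in for a real session backend.
final class SessionStore
{
    private const IDLE_LIMIT = 900; // assumed idle timeout, in seconds
    private array $sessions = [];

    // Create a session and remember which browser it was issued to.
    public function start(string $userAgent, int $now): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = [
            'ua'   => hash('sha256', $userAgent),
            'seen' => $now,
            'cart' => [],
        ];
        return $id;
    }

    // Validate an ID taken from the query string. Returns 'ok', 'expired',
    // 'mismatch' or 'unknown'; anything but 'ok' should get a fresh session.
    public function check(string $id, string $userAgent, int $now): string
    {
        if (!preg_match('/^[0-9a-f]{32}$/', $id) || !isset($this->sessions[$id])) {
            return 'unknown';
        }
        $s = $this->sessions[$id];
        if ($now - $s['seen'] > self::IDLE_LIMIT) {
            unset($this->sessions[$id]); // timed out: discard server-side state
            return 'expired';
        }
        if (!hash_equals($s['ua'], hash('sha256', $userAgent))) {
            return 'mismatch'; // different browser: leave the owner's session intact
        }
        $this->sessions[$id]['seen'] = $now; // only the owner refreshes the timer
        return 'ok';
    }
}

// Constructed sample: the owner's browser, then a friend who received the pasted link.
$owner  = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';
$friend = 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20030101';
$store  = new SessionStore();
$t0     = 1044410941; // constructed timestamp
$sid    = $store->start($owner, $t0);
echo $store->check($sid, $owner, $t0 + 60), "\n";    // owner, still active
echo $store->check($sid, $friend, $t0 + 120), "\n";  // forwarded link, other browser
echo $store->check($sid, $owner, $t0 + 1021), "\n";  // owner, after the idle limit
```

The User-Agent header is supplied by the client, so two people on identical browsers still match; the check narrows the window for a forwarded link and does not replace the timeout.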
