Cookies?

[Rici Lake]

On Mon, 8 Jun 1988, Byron Mayes wrote:

>On Fri, 5 Jun 1998, Michael Dargan wrote:
>
>> We're running Netscape Standalone 4.05 on Win95 workstations that are
>> under severe policy restrictions and Fortres 101.  I've disabled cookies
>> but am getting pressure from patrons who desire them.  I'm leery of
>> allowing them on public workstations.
>>
>> Am I being to fussy?  What would be the practical significance of
>> enabling cookies which are sent back to the server?
>
>Many sites that allow some form of interaction between *specific* user and
>the server use cookies. This includes lots of travel services, shopping
>services, financial services, *and* some information services. Many will
>not work at all without them (they should tell the user this up front, as
>most do). My experience suggests that this is becoming more common.
>...

Yes. This is particularly true of sites using Microsoft's Active Server
Pages (ASPs), in particular Microsoft's own support site. (Try
<http://support.microsoft.com/kb> with cookies turned off to see
Microsoft's advertisement for cookies.)

>Perhaps you should ask your users just what services they are using which
>require cookies? Maybe some services your institution offers assume
>cookies and just didn't mention it to you. If you find that your patrons'
>use is within the legitimate uses of your institution, you probably should
>consider allowing them.

Sure, but do patrons really know whether cookies are required or not? Will
they be able to properly diagnose an error related to cookies being refused?

>
>Better still, ask why are you *not* allowing them? Have you determined
>that they are a potential security risk? Does disallowing cookies block
>hate group/porno sites? Is disk space at a premium? Is it [cookie
>technology] not very well understood so they're turned off out of fear?
>Is there a policy tat allowing cookies would break? If your reasons are
>within institutional policy and can be supported by said policy, then you
>have no reason to allow them, and you can give a more useful and
>informative answer than simply, "No," when patrons ask.
>

I don't find any of those reasons very persuasive. But how about this one:
Cookies are used to store people's personal information (e-mail addresses,
site passwords, whatever). In a shared-computer situation, this information
is inaccurate at best, and a violation of patron privacy at worst.
(Although, of course, history and cache contents are even more of a
problem.)

Now that Netscape has released its source code, perhaps there is the
possibility to get a "library-friendly" version of Netscape, which would,
for example, wipe all user-specific information at the end of a "session".
(A "school-friendly" version might even provide multiple persistent stores
for multiple users, with the stores kept on a server.) Any developers
listening?

Rici Lake
Oxfam GB