* Mark Fuller <suppressed> [2008-03-10T09:27:47]
> On Mon, Mar 10, 2008 at 6:15 AM, Michael Peters <suppressed> wrote:
> >
> > I just use a URL encoded JSON cookie. I don't put anything sensitive in
> > there.
>
> Is there a risk that this contributes to the bad reputation of
> cookies? One person puts stuff in a cookie and obfuscates it
> (presumably for a reason). Another encrypts it (presumably for a
> reason). There's no transparency for the user who isn't even asked if
> they accept this.

Who obfuscated? URI-encoding is just useful to make it 7-bit safe. (I think!)
It's barely obfuscatory, too, if you know the few common things that will
appear.

I don't know that cookies have a bad reputation at all! They're just
accessible to the user to view and edit, and they have a small maximum size.
Having a cookie containing "authenicated_user_name=rjbs" in the clear would be
stupid. Trying to store a complete serialized set of preferences for a complex
application would also be stupid.

> To me, it sounds like the kind of thing that makes people disable cookies
> entirely (or, trust them too much and, before too long someone's definition
> of what's "not sensitive" and "satisfactory obfuscation" is incorrect). It
> seems like just storing a sessionID avoids all that. Is making the
> programming less complex worth falling into that category of cookie
> suspicion?

What's the kind of thing? Huh? I have no idea what you're driving at.

--
rjbs
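The split discussed in this thread, as an added example that is not part of the original message or of CGI::Application: non-sensitive preferences travel in a URL-encoded JSON cookie and are parsed as user-editable input, while identity is resolved only from a server-side session ID. The cookie names, the preference allowlist and the size cap are assumptions made for the illustration.

```python
import json
import secrets
from urllib.parse import quote, unquote

MAX_COOKIE_LEN = 4096  # assumed cap; browsers commonly allow about 4 KB per cookie
# Hypothetical preference keys and the values the application accepts for each.
ALLOWED_PREFS = {"theme": {"light", "dark"}, "lang": {"en", "de", "fr"}}
SESSIONS = {}  # session id -> user name; lives on the server only


def encode_prefs(prefs):
    """Serialize preferences as URL-encoded JSON: 7-bit safe, readable by anyone."""
    return quote(json.dumps(prefs, separators=(",", ":")), safe="")


def decode_prefs(cookie_value):
    """Parse a client-supplied prefs cookie and keep only allowlisted values."""
    if len(cookie_value) > MAX_COOKIE_LEN:
        return {}
    try:
        data = json.loads(unquote(cookie_value))
    except (ValueError, RecursionError):  # malformed or absurdly nested JSON
        return {}
    if not isinstance(data, dict):
        return {}
    # The user can edit the cookie, so unknown keys and values are dropped.
    return {k: v for k, v in data.items()
            if isinstance(v, str) and v in ALLOWED_PREFS.get(k, ())}


def new_session(user):
    """Issue an unguessable session id after the user has authenticated."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid


def current_user(cookies):
    """Resolve identity from the session table, never from cookie contents."""
    return SESSIONS.get(cookies.get("session_id", ""))


if __name__ == "__main__":
    cookie = encode_prefs({"theme": "dark", "lang": "de"})
    print(cookie)                # percent-encoded, trivially reversible
    print(decode_prefs(cookie))  # validated preferences
    sid = new_session("rjbs")
    print(current_user({"session_id": sid}))
```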