Open Source and information security mailing list archives
 
Date: Tue Feb 21 19:15:37 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Re: Forum / Site redone

Nigel Horne wrote:
>> Nigel Horne wrote:
>>>> Thanks for the comments.  Site has been redone (I re-did it).  Feel
>>>> free to keep the comments coming.
>>>>
>>>> http://www.iatechconsulting.com
>>>
>>> Why does it attempt to store 2 cookies on my machine when all I do
>>> is visit your front page?
>>
>>   Because that's how PHP tracks your session ID.
>>
>>> Needless to say I said "no".
>
> Public access websites should not have session IDs just to visit their
> frontpage.

  Like it matters the tiniest little bit at all.

  You can refuse the cookie if you want.

  You can accept it if you want the personalisation you'll get.

  You can set your browser to flush cookies at the end of the session if you 
don't want the same server to identify you next time.

  You can hang on to it indefinitely if you do.

  It takes next to no space on your hard drive, is entirely under your 
control, and it's not some kind of magical demon sent by the NSA to spy on 
you, so who cares?

  You're presenting this claim that "Public access websites" (you mean 
'publicly accessible' websites, I take it) "should not have" session IDs. 
Well, /WHY/ should they not?  This claim needs justifying.  Ethical reasons? 
Financial reasons?  Health and safety reasons?  Aesthetic reasons?  Or just 
because Nigel Horne says so, and whatever he says is so obviously patently 
right and true that all right-thinking people will just accept your word for 
it unquestioningly?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 


