Posting Date: April 08, 2003

Cookie monsters a myth -- "But intCookie monsters a mythernet security scares have caused many people to turn off cookies in their browsers. As a result, hungry web applications, starved of vital clues about their users, are starting to demand people turn their cookie support back on." (Comments: Thanks Daniel Szuc.)

Reader Comments...

It's a real problem. The server could also pass the session / user identifier via the URLs in links and forms, but this is a well-known security hazard.

So a good web app designer should:
* Check whether the minimum cooike ability is enabled (in IE 5 per-session cookies, in NS cookies which are for the same site only).
* If not, ask the user to enable them, explain why and link to an independent source of info about cookies.

Requiring anything beyond the minimum cookie ability (requirung persistent or third-party cookies) is either bad design or unscrupulous marketing, and users should not engage in e-commerce with such sites.

Posted by: Philip Chalmers on April 9, 2003 04:18 AM

Yes Philip, but light weight fraud detection and determinng payment for delayed 'conversion' require cookies with degree of persistence, these uses are arguably in people's best interest.

On the other hand, personally speaking, I toss my cookies religiously once a week.

Posted by: Nathan Consistency on April 9, 2003 10:08 AM

I'd regard requiring cookies as a mark of incompitence. Any site that refuses to serve me because I didn't allow it to set a cookie, AS SOON AS I VISITED IT will never be visited again. There's smarter sites around.

Posted by: Lach on April 12, 2003 10:09 AM

Subscribe to Webword.com
Receive the best free usability newsletter on the Internet.

URL: http://webword.com/weblog/