[http-state] Cookie Design School

Bil Corry <bil@corry.biz> Wed, 06 May 2009 03:26 UTC

Return-Path: <bil@corry.biz>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 9656E3A68BC for <http-state@core3.amsl.com>; Tue, 5 May 2009 20:26:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[AWL=-2.866, BAYES_50=0.001, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id irnijFqlq28o for <http-state@core3.amsl.com>; Tue, 5 May 2009 20:26:40 -0700 (PDT)
Received: from mail.mindio.com (app1.bc.anu.net []) by core3.amsl.com (Postfix) with ESMTP id 7E9C73A6A3F for <http-state@ietf.org>; Tue, 5 May 2009 20:26:12 -0700 (PDT)
Received: from [] (c-98-212-72-151.hsd1.in.comcast.net []) by mail.mindio.com (Postfix) with ESMTP id 297FEFCEF0 for <http-state@ietf.org>; Tue, 5 May 2009 22:27:38 -0500 (CDT)
Message-ID: <4A010382.9040507@corry.biz>
Date: Tue, 05 May 2009 22:26:58 -0500
From: Bil Corry <bil@corry.biz>
User-Agent: Thunderbird (Windows/20090302)
MIME-Version: 1.0
To: "http-state@ietf.org" <http-state@ietf.org>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: [http-state] Cookie Design School
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Discuss HTTP State Management Mechanism <http-state@ietf.org>
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2009 03:26:41 -0000

I love this quote:

I think we need to send Web site and software developers to cookie design school so that they can design cookies correctly. We know very well what cookies are good and which cookies are bad, and there are ways to design cookies so that people cannot actually hijack the session.


- Bil