plun said:
JMJ2 used his keyboard to write :
So for me cookies are dead, stone dead !
Some sites won't work without them as they provide temporary storage needed
to provide secure navigation within a site (since Referrer may be blocked)
or to retain information between browser sessions. For example, when
shopping online, do you really want to start all over putting items in your
out-basket because you got interrupted, had to end the browser session, and
then come back to do more shopping? Do you really want to have to open and
register an account before you can start selecting items so they can record
your out-basket items in your account to permit multi-session shopping?
When you revisit your favorite forum, do you want to have to login in each
time, or not have it remember which posts that you have read before (by
removing bolding from them)? There are good uses for cookies. There are
good uses for rifles but responsible hunters lock them down. Learn to
lockdown your cookies.
I allow only 1st party cookies (i.e., only those from the site that I'm
visiting). 3rd party cookies are blocked (I don't know them, don't trust
them, that is not where *I* browsed, and if the "3rd party" is another
entity of the first then don't mask that fact). Only trusted domains get to
leave a cookie on my host, hence the need for a whitelist (because I don't
even want all sites in the Trusted Sites security zone to leave cookies
hanging around). You can use IE's Allow and Block list for cookies to
define which ones to keep or block, but I don't care for all the manual
upkeep, especially in having to maintain a huge list of Blocked domains.
IE does not have the feature where you can whitelist the good domains in the
Allow cookie list and force cookies from all non-Allowed sites to be
per-session cookies. By having a cookie domain whitelist (which is separate
of the Trusted Sites security zone), the user can specify just the few sites
where they really do want to keep their cookies between browser sessions
with those sites. This way you allow retained information from good sites
(and only those good sites that you want to whitelist), allow the use of a
temporary info store to ensure a site functions properly, but all
non-whitelisted cookies are forcibly purged after the browser session.
#1 - Allow only 1st party cookies.
#2 - Block 3rd party cookies.
#3 - Allow per-session cookies (which get deleted when exiting the browser).
#4 - Provide whitelisting of user-selected domains (so their cookies survive
across browser sessions).
#5 - Delete all non-whitelisted cookies on exit from the browser (i.e., they
are forced to be per-session cookies).
Firefox stores cookies, too. From
http://websearch.about.com/od/firefox/ss/firefoxoptions_5.htm and
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html,
it looks like Firefox might provide a decent level of cookie management.
With IE, you need 3rd party tools, but decent cookie management is just as
easily doable.
Rather than flee from cookies to only degrade your browsing experience, just
learn to manage them.
