the problem with third party cookies is the ability to track a user across multiple domains due to their persistence (they can be stored on the client computer indefinitely until the user proactively deletes them). cookie hijacking is also a problem.
...but you're right that database-enabled pages are capable of coverty tracking visitors too, by serving a page with some javascript in a hidden iframe that talks to the parent window... i'm not saying that doing this is a good thing (it's not), but it doesn't exonerate third party tracking cookies either
the "wish" that "privacy-violators had a better grasp of the technology
its funny that you assume your jibberish to be remotely factual
privacy violators are experts in the techology that you're referring to... and that's how they take full advantage of it. its also why the problem has arisen in the first place and why laws have been enacted in an effort to reduce it
I also find it pretty hilarious you felt the need to show up my "qualifications" right before saying they're not proof of having any idea what you're talking about. Finally you said something I can agree with!
right. whatever that means. i wasn't trying to "show up" anything, but merely show that just because i have a qualification doesn't mean i know any more than you do (quoting myself: "but it doesn't mean i know what i'm talking about all the time")... remember you're the one that keeps assuming that (throughout every comment you've made in this article thread). being an aeronautical engineer doesn't mean i know any more about aircraft than someone that isn't an aeronautical engineer, but i would never be so naiive to assume that, whereas you seem to think you know everything technical (quoting you: "can handle just about any technical matter required of me"). having said all that, just because i don't claim to know more than you doesn't mean i can't debate things
So opening a second browser window to the same site fails to be logged in (because it lacks the session)
not if i keep the same session id between page transitions (using a hidden post field), which is no less secure than using a cookie
Cookies, possibly with the ADDITION of the other two systems, are the industry standard for security
no they're not... they're the industry standard for efficiency (quick, cheap and easy)
Cookies effectively allow re-authentication for every page view by sending a hash of identifying information to the server which can then be checked against the stored hash
why do you presume that cookies are required for that?
IPs alone are so insecure they are effectively not authentication
neither are cookies on their own. security in depth is the only security, and as i said nothing is 100% secure. whatever your point, it was pretty pointless
Indeed, they are the onyl practical answer
since you apparently aren't familiar with any other methods, then for you i guess they are... ifyou want to use cookies i won't even try to stop you:)
Sure... but what if you do not have user accounts? Are you going to store settings by IP? Yeah, we'll see how that goes. Obviously not by GET variable. So what, exactly, is your answer? Right. You have none. You're just a ranting idiot like the other one.
if you don't have user accounts then cookies are an alternative, but then security and logging in would be out of the question too. without cookies i could use a combination of IP and a miriad of parameters derived using javascript (check out https://panopticlick.eff.org/), but i could also use hidden post fields
and you're probably one of those morons who would complain about receiving too much spam
if you don't want to drive away users with useless prompts, don't use cookies
if you provide a cookie mechanism for user convenience, don't enable it by default and let the user click a link/button to proactively enable/disable it
having said that, most browsers have an option to disable third party cookies, and any site that requires them to work isn't worth visiting
pass the session id in a hidden post field, and for hyperlink submits use javascript (slashdot is plagued by js anyway)
passing a session id in every submit adds to the size of the page, but have you seen all the garbage that pads web pages lately? maybe if developers focused on problems like div soup and an excess of eye-candy css and js, slashdot would be much more efficient even without cookies
currently in the third year of a Chemical Engineering degree... and generally can handle just about any technical matter required of me
i'm qualified in aerospace engineering, experienced in aeronautical engineering, and now developing structural engineering compliance software, with over ten years of programming experience in a few languages (delphi, php, c, js), but it doesn't mean i know what i'm talking about all the time. even if a matter is within your field of expertise, its very doubtful that you know every aspect of that field inside and out.
from one engineer to another... your qualification will never be proof that you have any idea what you're talking about, and when you do know what you're talking about you won't need your qualification as proof
apparently you're not familiar with a database, or hidden post fields, which in combination with server fields like remoteaddress and get params, can pretty much achieve anything that a cookie can (even clandestine third party tracking through single pixel iframes, which is what the law in question is meant to address, can be done with hidden post fields and a bit of javascript)
1. Maintaining an authenticated user session (logging in and out securely)
cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an additional requirement.
if the user is more interested in convenience than security that they would prefer a cookie, then a URL session ID probably isn't out of the question. at the end of the day, nothing is 100% secure, as cookies can be hijacked
2. Storing the current state of the user's session (shopping carts and the like)
mysql
3. Remembering user preferences from one visit to the next
mysql
4. Analytics within your own site
mysql
even notwithstanding all this, if you're not decent enough to seek the user's permission before dropping a cookie, then you're not dropping cookies for anything other than secretly tracking them. if you need to drop a cookie for any legit reason, then the user is more likely to grant permission to retain functionality than deny for the sake of some misguided privacy paranoia. in any case, for my sites i offer the option of using a cookie or (by default) keeping track of a session using a hidden post parameter for the session ID in each form. they don't need to know the details, just that if they want to be able to revisit without logging on then a cookie is recommended, and even when they elect to use the cookie, there is a button to delete the cookie and revert to the post parameter
its funny how so many people say this about Linux, but are unable to actually quote the parts that are ripped off (even in a courtroom), and even with full access to the Linux source code
at university they tell you something similar... "when you get out in the workplace you will remember less than 10% of what we teach you here, but what you really learn here is how to learn and track down information yourself when you need it"
from my own experience, and depending on how you learn (i'm more a visual learner), i forget a lot of stuff from uni, but when i need to know something i google it and it comes back to me much easier than it would if i'd never seen it before. i think a lot of understanding from school and uni is retained in something like your unconcious
they should make an awesome 10,000 dpi 128 bit color laser printer that prints 1000 pages per minute.... that sounds like a dot matrix!!!
now that would be a breakthrough
Slashdot Mirror
using gestures
turn steering wheel to the left => reduce stereo volume
:)
turn steering wheel to the right => increase stereo volume
can't get much more tactile than that
i didn't realise there were goalposts
the problem with third party cookies is the ability to track a user across multiple domains due to their persistence (they can be stored on the client computer indefinitely until the user proactively deletes them). cookie hijacking is also a problem.
...but you're right that database-enabled pages are capable of coverty tracking visitors too, by serving a page with some javascript in a hidden iframe that talks to the parent window... i'm not saying that doing this is a good thing (it's not), but it doesn't exonerate third party tracking cookies either
http://en.wikipedia.org/wiki/HTTP_cookie#Privacy_and_third-party_cookies
the "wish" that "privacy-violators had a better grasp of the technology
its funny that you assume your jibberish to be remotely factual
privacy violators are experts in the techology that you're referring to... and that's how they take full advantage of it. its also why the problem has arisen in the first place and why laws have been enacted in an effort to reduce it
I also find it pretty hilarious you felt the need to show up my "qualifications" right before saying they're not proof of having any idea what you're talking about. Finally you said something I can agree with!
right. whatever that means. i wasn't trying to "show up" anything, but merely show that just because i have a qualification doesn't mean i know any more than you do (quoting myself: "but it doesn't mean i know what i'm talking about all the time")... remember you're the one that keeps assuming that (throughout every comment you've made in this article thread). being an aeronautical engineer doesn't mean i know any more about aircraft than someone that isn't an aeronautical engineer, but i would never be so naiive to assume that, whereas you seem to think you know everything technical (quoting you: "can handle just about any technical matter required of me"). having said all that, just because i don't claim to know more than you doesn't mean i can't debate things
mysql can be used for tracking
it can even be used for tracking third party website usage
but online marketing use third party cookies mainly because of their persistence... but surely you knew that
So opening a second browser window to the same site fails to be logged in (because it lacks the session)
not if i keep the same session id between page transitions (using a hidden post field), which is no less secure than using a cookie
Cookies, possibly with the ADDITION of the other two systems, are the industry standard for security
no they're not... they're the industry standard for efficiency (quick, cheap and easy)
Cookies effectively allow re-authentication for every page view by sending a hash of identifying information to the server which can then be checked against the stored hash
why do you presume that cookies are required for that?
IPs alone are so insecure they are effectively not authentication
neither are cookies on their own. security in depth is the only security, and as i said nothing is 100% secure. whatever your point, it was pretty pointless
Indeed, they are the onyl practical answer
since you apparently aren't familiar with any other methods, then for you i guess they are... ifyou want to use cookies i won't even try to stop you :)
Sure... but what if you do not have user accounts? Are you going to store settings by IP? Yeah, we'll see how that goes. Obviously not by GET variable. So what, exactly, is your answer? Right. You have none. You're just a ranting idiot like the other one.
if you don't have user accounts then cookies are an alternative, but then security and logging in would be out of the question too. without cookies i could use a combination of IP and a miriad of parameters derived using javascript (check out https://panopticlick.eff.org/), but i could also use hidden post fields
you're just an insecure moron who loves cookies
and you're probably one of those morons who would complain about receiving too much spam
if you don't want to drive away users with useless prompts, don't use cookies
if you provide a cookie mechanism for user convenience, don't enable it by default and let the user click a link/button to proactively enable/disable it
having said that, most browsers have an option to disable third party cookies, and any site that requires them to work isn't worth visiting
Cookies allowed us to stop crapping up every URL on the page, and causing massive link rot
so do hidden post fields and mysql
cookies are for sneaky single pixel iframes. anyone who thinks they "need" them for anything else is doing it wrong
hidden post fields and mysql
pass the session id in a hidden post field, and for hyperlink submits use javascript (slashdot is plagued by js anyway)
passing a session id in every submit adds to the size of the page, but have you seen all the garbage that pads web pages lately? maybe if developers focused on problems like div soup and an excess of eye-candy css and js, slashdot would be much more efficient even without cookies
currently in the third year of a Chemical Engineering degree... and generally can handle just about any technical matter required of me
i'm qualified in aerospace engineering, experienced in aeronautical engineering, and now developing structural engineering compliance software, with over ten years of programming experience in a few languages (delphi, php, c, js), but it doesn't mean i know what i'm talking about all the time. even if a matter is within your field of expertise, its very doubtful that you know every aspect of that field inside and out.
from one engineer to another... your qualification will never be proof that you have any idea what you're talking about, and when you do know what you're talking about you won't need your qualification as proof
apparently you're not familiar with a database, or hidden post fields, which in combination with server fields like remoteaddress and get params, can pretty much achieve anything that a cookie can (even clandestine third party tracking through single pixel iframes, which is what the law in question is meant to address, can be done with hidden post fields and a bit of javascript)
http://en.wikipedia.org/wiki/HTTP_cookie#Alternatives_to_cookies
perhaps you should read all of the page before making an utter fool of yourself again in the future
1. Maintaining an authenticated user session (logging in and out securely)
cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an additional requirement.
if the user is more interested in convenience than security that they would prefer a cookie, then a URL session ID probably isn't out of the question. at the end of the day, nothing is 100% secure, as cookies can be hijacked
2. Storing the current state of the user's session (shopping carts and the like)
mysql
3. Remembering user preferences from one visit to the next
mysql
4. Analytics within your own site
mysql
even notwithstanding all this, if you're not decent enough to seek the user's permission before dropping a cookie, then you're not dropping cookies for anything other than secretly tracking them. if you need to drop a cookie for any legit reason, then the user is more likely to grant permission to retain functionality than deny for the sake of some misguided privacy paranoia. in any case, for my sites i offer the option of using a cookie or (by default) keeping track of a session using a hidden post parameter for the session ID in each form. they don't need to know the details, just that if they want to be able to revisit without logging on then a cookie is recommended, and even when they elect to use the cookie, there is a button to delete the cookie and revert to the post parameter
rip-off free OS
its funny how so many people say this about Linux, but are unable to actually quote the parts that are ripped off (even in a courtroom), and even with full access to the Linux source code
in this case the head has initials DM, and unfortunately he's still alive
survive off others
sounds like the motto of every corporation
at university they tell you something similar... "when you get out in the workplace you will remember less than 10% of what we teach you here, but what you really learn here is how to learn and track down information yourself when you need it"
from my own experience, and depending on how you learn (i'm more a visual learner), i forget a lot of stuff from uni, but when i need to know something i google it and it comes back to me much easier than it would if i'd never seen it before. i think a lot of understanding from school and uni is retained in something like your unconcious
right in the kisser
yo terminated... dawg
they should make an awesome 10,000 dpi 128 bit color laser printer that prints 1000 pages per minute.... that sounds like a dot matrix!!!
now that would be a breakthrough
hahaha.... jaw crusher... that's funny :)
...ought to be enough for anybody
... as to whether the exodus was by choice or due to "rationalization"
... is just another name for the ignorance we cling to so desperately to avoid having to actually solve problems
damn... haven't seen that one. i'm more into voyager... ooooh that seven of nine
I actually worked on the systems
there's the punchline right there, so i'm just a bit curious... how much money did greedy scaremongering dickheads like you make from Y2K?
don't expect to be so lucky when Y2038 comes around... dickhead