Cookie Management... (fwd)

Keunwoo Lee klee at cs.washington.edu
Thu Oct 10 21:59:39 BST 2002 

Someone came across one of my web pages wherein I laud Konqueror's cookie
handling, and sent me the suggestion below.  I thought I'd forward it to
the list to put the idea on Konq developers' radar screens.  See the
mocked-up screenshot in particular.

(My $0.02 is that I like having the current (quasi-)modal dialog because I
can reflexively hit alt-R; but a non-modal cookie interface would be a
good idea as the default, with the pop-up dialog as a configurable
option.)

~k

---------- Forwarded message ----------
Date: Wed, 9 Oct 2002 23:09:15 -0400
From: Robert Lee <rlee0001 at maine.rr.com>
To: klee at cs.washington.edu
Subject: Cookie Management...

Re: http://www.cs.washington.edu/homes/klee/kde/cookies.html

I agree 100%! I think the same mechanism can be applied to other invasive
or potentially malicious technologies as well. Like when a document tries
to automatically open new windows or when a document attempts to redirect
you (and so on...).

The one issue I have with KDE's alert mechanism (and any prompt in
general), is its modality. The user must stop what he or she is doing in
order to respond to the alert. I've drawn up a mock-up of a mechanism that
has very similar functionality but is non-modal.

http://www.lostcommunity.org/images/cookies.jpg (243kB)

Of course, I based that on Internet Explorer not Konqueror but the
principle is that the cookie is disabled while the user is presented with
a non-modal prompt in a seperate area of the window. If the user chooses
to ignore the prompt, the cookie is rejected by default. The prompt may
auto-hide when the user navigates to a new page.

I would also add the option for "Delete this cookie when I close this
window." I would also display the name of the cookie, its value and its
expiration date.

If multiple cookies are received at the same time, the cookies can be
listed in the panel (seperated by an HR tag) and a scroll bar added. This
allows the user to scroll through a list and deal with each request
individually. Other browser requests (such as those for running JScripts,
running ActiveX controls, downloading files, sending email and so on) can
also be listed here.

I would agree that browser programmers need to start taking security more
seriously. Of course, they also need to understand that if the user gets a
"Cookie Alert" modal dialog every time they visit a page, the user may
become likely to disable the feature.

Just my $0.02. Oh, and great web site by the way.

-Robert Lee

More information about the kfm-devel mailing list