Cookie Management... (fwd)

[Martijn Klingens]

(Taking this to kde-usability where it is IMO better suited)

On Thursday 10 October 2002 22:59, Keunwoo Lee wrote:
> Someone came across one of my web pages wherein I laud Konqueror's cookie
> handling, and sent me the suggestion below.  I thought I'd forward it to
> the list to put the idea on Konq developers' radar screens.  See the
> mocked-up screenshot in particular.
>
> (My $0.02 is that I like having the current (quasi-)modal dialog because I
> can reflexively hit alt-R; but a non-modal cookie interface would be a
> good idea as the default, with the pop-up dialog as a configurable
> option.)

Apple uses this concept of 'inline' dialogs in a similar way in Mac OS X for 
example for the print dialog and I have to admit it's probably one of the 
best GUI innovations that OS has brought to the world.

The problem with the cookie dialog however is that it really has to be modal 
though because JavaScript can query cookies and some sites use that to detect 
whether cookies are enabled or not. Making it non-modal would break that 
behaviour.

Well, come to think of it, making it continue loading the page would. There's 
no need to make the dialog modal indeed.

(Not snipping the rest for the kde-usability people that don't read kfm-devel)

> ~k
>
> ---------- Forwarded message ----------
> Date: Wed, 9 Oct 2002 23:09:15 -0400
> From: Robert Lee <rlee0001 at maine.rr.com>
> To: klee at cs.washington.edu
> Subject: Cookie Management...
>
> Re: http://www.cs.washington.edu/homes/klee/kde/cookies.html
>
> I agree 100%! I think the same mechanism can be applied to other invasive
> or potentially malicious technologies as well. Like when a document tries
> to automatically open new windows or when a document attempts to redirect
> you (and so on...).
>
> The one issue I have with KDE's alert mechanism (and any prompt in
> general), is its modality. The user must stop what he or she is doing in
> order to respond to the alert. I've drawn up a mock-up of a mechanism that
> has very similar functionality but is non-modal.
>
> http://www.lostcommunity.org/images/cookies.jpg (243kB)
>
> Of course, I based that on Internet Explorer not Konqueror but the
> principle is that the cookie is disabled while the user is presented with
> a non-modal prompt in a seperate area of the window. If the user chooses
> to ignore the prompt, the cookie is rejected by default. The prompt may
> auto-hide when the user navigates to a new page.
>
> I would also add the option for "Delete this cookie when I close this
> window." I would also display the name of the cookie, its value and its
> expiration date.
>
> If multiple cookies are received at the same time, the cookies can be
> listed in the panel (seperated by an HR tag) and a scroll bar added. This
> allows the user to scroll through a list and deal with each request
> individually. Other browser requests (such as those for running JScripts,
> running ActiveX controls, downloading files, sending email and so on) can
> also be listed here.
>
> I would agree that browser programmers need to start taking security more
> seriously. Of course, they also need to understand that if the user gets a
> "Cookie Alert" modal dialog every time they visit a page, the user may
> become likely to disable the feature.
>
> Just my $0.02. Oh, and great web site by the way.
>
> -Robert Lee

-- 
Martijn