Cookie Management... (fwd)

[Dawit A.]

Hello,

A cookie dialog cannot be made non-modal for one basis reason.  It completely 
defeats the purpose of why cookies are needed in the first place :(  The idea 
behind adding support for "cookies" into the HTTP protocol is to make a 
session-less protocol, which HTTP is, into one that has rudimentary support 
for sessions. 

Why is keep track of a user's session important ?  For the same reason they 
are provided in KDE when you log out. The site(s) you visit have to be able 
to track which information they need to present you with next.  This is the 
main intention.  Of course this idea has been abused to the extent where all 
cookies are made to stick around under the guise that you can be 
automatically logged in if you revisit the same site(s) within a given 
period. If we make the cookie dialog non-modal it would mean that almost 
login sites that use cookies for session management (ex: most web-based mail 
systems), and many many dynamically generated sites will seize to work 
correctly in konqueror.

Now this does not mean that the cookie confirmation dialog cannot be in-lined, 
just non-modal. However, it would be at best difficult and require more 
overhead to add support for such a feature.  For example, in our case the 
cookie dialog has to be re-designed as a kpart so that it can be embedded 
into parts much line the "kfind" part.  If it crashes it will take the 
browser with it where as today it rarely does that it ever since the 
processes are separate.  The http io-slave that handles the request might 
crash, but not the browser.  Moreover, the part would have to be made up of a 
rich text editor to display the stuff shown in the mock-up.  However this is 
done, it will definitely add more overhead than the current solution.

As for one of the ideas suggested: "Delete this cookie when I close this 
window."  You will be able to do that and more in KDE 3.1 :)  See the 
attached screenshot.  In 3.1 we 've made it such that the cookie dialog comes 
up less frequently.  For example, by default we accept the so called 
"session-cookies".  These are cookies that do not have any date parameter and 
hence are never saved to your hard disk.  Also we no longer accept cookies 
from third-party sites.  Only from originating servers.  Though this can 
easily be worked around by simply moving the operation from the client side 
to the server side and passing the cookie data to a central server for 
processing.  However, it is still better than what we had before.  And 
finally there is an option that is not on by default that allows you to treat 
all incoming cookies as session cookies.  Checking these three new settings 
basically allow you to accept all cookies without having to worry about 
cookies remaining in your hard disk.  Simply closing your current session 
removes all the cookies from memory.  NOTE: there are still some bugs to be 
worked out, but your get the idea... :)

Regards,
Dawit A.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cookie-config-dlg.png
Type: image/png
Size: 29435 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20021011/28402fa0/attachment.png>