Web devel with python. What's the best route?

Alex Martelli aleaxit at yahoo.com
Tue Jan 16 10:03:17 EST 2001


"Erno Kuusela" <erno-news at erno.iki.fi> wrote in message
news:ku4rz0g0w6.fsf at lasipalatsi.fi...
    [snip]
> | Wrong, see RFC 2109, "HTTP State Management Mechanism".  That is
> | where cookies are specified in detail.
>
> that doesn't make them part of http :)

What makes something 'part of HTTP' if not being among the W3C's
"HTTP Specification and Drafts", http://www.w3.org/Protocols/Specs.html?

RFCs 2616, 2617, 2145, 2109, there listed, are my definition
of the "parts of HTTP" (1.1).  I consider (e.g.) the state
management part, detailed in 2109, and the authentication part,
detailed in 2617, to be as much a 'part of HTTP' as anything
listed in 2616 itself.

RFC2109 will soon be obsoleted by the new RFC2965, with the
addition of a separate RFC2964 which you may be particularly
interested in (ftp://ftp.isi.edu/in-notes/rfc2964.txt) -- it's
a very readable summary of the advantages of cookies over other
ways to encode state (such as the ones you prefer), what uses
of cookies are deemed inappropriate and forbidden by standard
('MUST NOT', 'SHOULD NOT') -- with a small but significant
reference to how the exactly-same things can be perpetrated
without any cookies at all (it doesn't go into details, but
you can find working examples in _many_ places on the net:-).

As the CIAC correctly summarizes, "preventing your browser from
accepting cookies does not make you an anonymous user, it just
makes it more difficult to track your usage" -- just a special
case of: avoiding cookies does not make it impossible to use
state with HTTP, just more difficult.  "Information about where
you come from and what web pages you visit already exists in a
web server's log files and could also be used to track users
browsing habits, cookies just make it easier".  I concur.  Cfr
http://www.ciac.org/ciac/bulletins/i-034.shtml.

In other words, the 'cookies scare' is just one more example
of the kind of misunderstood-technology/science-stuff-scares
we keep seeing these days; just like the people who are now
avoiding any cattle-related product at all, just in case it
could possibly put them at risk of BSE (so far, milk and even
cow-milk-cheese sales are dropping around here; I predict that
before long, cow-skin leather will suffer too; pork and mutton
meat sales are about flat -- people buying them rather than
beef being compensated by those who, just in case squared, are
becoming vegetarians or thereabouts).


> i for example usually just skip sites that don't work with
> my default no-cookies/no-javascript browser setting.
>
> the url approach cannot be subverted for the use cookies
> most often see.

I guess you're right and the CIAC and the W3C are wrong, then;
your surfing-privacy is safe if you just refuse cookies.  Keep
sleeping, then, and dream pleasant dreams.

As for me, I'll keep using cookies (appropriately, of course),
degrading gracefully where cookies are not being supported (as
per specs in the already-quoted RFCs), but without breaking
my back to try and make the 'gracefully degraded' web-application
behavior as nice and easy to use as the everything-working case.
And if that loses me the paranoids' market niche, oh well -- I'm
saving lots of money these days by eating spinach instead of
beef, so, I can stand the income-reduction...


Alex





