Authentication while respecting DNT header

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Mon Oct 15 18:07:37 UTC 2012


On Sun, Oct 14, 2012 at 02:31:56PM -0400, William Muriithi wrote:
> Got a question for the developers here. Looks like European will
> enforce DNT eventually, so I tried thinking what else would be
> affected. One thing that came to mind that may need to change is
> authenticating browsers. We currently use session cookies; are these
> affected by DNT?  If so, how else would you authenticate a browser
> without being out of compliance with DNT?
> 
> I guess you can use URL change to identify authenticated session, but
> that can also have security issues?  As in, if someone can intercept
> the URL, he/she will be able to keep using the session.
> 
> http://www.bbc.co.uk/news/technology-19908880

I believe what they are going to mandate is something like DNT for user
tracking for advertising purposes and such.  Tracking a session when
the user logs in for the purpose of doing what the user came there for
is outside that scope.

If you have seen how strangely appropriate ads can sometimes be
on Facebook and other random sites (usually those that are served by
Google's ad system), then you have some idea what kind of long-term
cookies are being used to track your navigation around the internet.

-- 
Len Sorensen
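
The distinction drawn in the reply, as an added example that is not part of
the original thread: a login session cookie is issued regardless of DNT,
while a long-lived visitor identifier is only set when the browser has not
sent "DNT: 1". The function names and the cookie names `sid` and
`visitor_id` are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie

ONE_YEAR = 365 * 24 * 3600  # lifetime of the (hypothetical) tracking cookie


def dnt_enabled(headers):
    """True when the browser sent 'DNT: 1' (header names are case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "dnt":
            return value.strip() == "1"
    return False


def response_cookies(headers, login_ok, has_visitor_id=False):
    """Return the Set-Cookie values to send with one response."""
    jar = SimpleCookie()
    if login_ok:
        # Authentication: a session cookie with no Expires/Max-Age, so it
        # ends with the browser session. The token stays out of the URL,
        # and HttpOnly/Secure keep it away from scripts and plain HTTP.
        jar["sid"] = secrets.token_urlsafe(32)
        jar["sid"]["path"] = "/"
        jar["sid"]["httponly"] = True
        jar["sid"]["secure"] = True
        jar["sid"]["samesite"] = "Lax"
    if not dnt_enabled(headers) and not has_visitor_id:
        # Long-term identifier of the kind the reply describes; skipped
        # entirely when the browser asks not to be tracked.
        jar["visitor_id"] = secrets.token_urlsafe(16)
        jar["visitor_id"]["path"] = "/"
        jar["visitor_id"]["secure"] = True
        jar["visitor_id"]["max-age"] = ONE_YEAR
    return [morsel.OutputString() for morsel in jar.values()]


if __name__ == "__main__":
    # Constructed request headers: one browser with DNT on, one without.
    for hdrs in ({"DNT": "1"}, {}):
        print(hdrs, response_cookies(hdrs, login_ok=True))
```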