Full Disclosure mailing list archives

Re: Re: Re: Forum / Site redone
From: nodialtone <nodialtone () comcast net>
Date: 21 Feb 2006 21:15:53 -0500

Let's all ensure that all the crumbs are vacuumed up as well.

On Tue, 2006-02-21 at 14:14, Dave Korn wrote:
Nigel Horne wrote:
Nigel Horne wrote:
Thanks for the comments.  Site has been redone ( I re-didit )  Feel
free to keep the comments coming.


Why does it attempt to store 2 cookies on my machine when all I do is
visit your front page?

  Because that's how PHP tracks your session ID.

Needless to say I said "no".

Public access websites should not have session IDs just to visit their

  Like it matters the tiniest little bit at all.

  You can refuse the cookie if you want.

  You can accept it if you want the personalisation you'll get.

  You can set your browser to flush cookies at the end of the session if you 
don't want the same server to identify you next time.

  You can hang on to it indefinitely if you do.

  It takes next to no space on your hard drive, is entirely under your 
control, and it's not some kind of magical demon sent by the NSA to spy on 
you, so who cares?

  You're presenting this claim that "Public access websites" (you mean 
'publicly accessible' websites, I take it) "should not have" session IDs. 
Well, /WHY/ should they not?  This claim needs justifying.  Ethical reasons? 
Financial reasons?  Health and safety reasons?  Aesthetic reasons?  Or just 
because Nigel Horne says so, and whatever he says is so obviously patently 
right and true that all right-thinking people will just accept your word for 
it unquestioningly?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
