Threaded Mode | Linear Mode

Siamesecat · Mar. 10, 2009, 06:05 AM

Maybe I am totally missing the point, but for cookies earmarked to have the data send elsewhere, that is under the control of whomever is running the server, not of whomever is using a browser to visit.

***sidki3003*** · Mar. 12, 2009, 01:34 PM

(Mar. 09, 2009 10:37 AM)lnminente Wrote: I found this web: http://www.quirksmode.org/js/cookies.html

Maybe is sufficient disabling the document.cookie function. So in the first script we add to every web page maybe we could add a line similar to
document.cookie = return(1);

PLEASE, SOMEONE CONFIRM THE ABOVE LINE

"return" is reserved for functions. I don't think that you can nullify document.cookie, but i haven't tested it.

lnminente · Mar. 12, 2009, 04:45 PM

Hi Sidki, i was taking a look to old configs i had printed from JD5k, Altosax and you, and I noticed also about meta cookies :o so if i'm right there are three different methods for creating cookies (js,headers and meta), and two for sending (js and headers)

Also i saw about Cookie2 header, too much things only for cookies...

***sidki3003*** · Mar. 12, 2009, 05:54 PM

Yeah. For browsers that support server-push pages, like Firefox, there are also server-push cookies. An example is http://bugzilla.mozdev.org/buglist.cgi?p...%20toolbar ("LASTORDER" cookie). That would make it four methods for setting cookies.

As for sending cookies, i think its via HTTP headers only.
As for Cookie2, the only browser i know that accepts them is Opera.

lnminente · Mar. 12, 2009, 08:49 PM

So we can consider the easiest way to block cookies is at their output as HTTP headers. Thanks Sidki Smile!

***sidki3003*** · Mar. 12, 2009, 09:20 PM

True. The problem is what Siamesecat mentioned above. If you don't block the set-cookie methods, your browser is accumulating cookies. For session-only filters you don't have a choice but are limited to the set-cookie methods.

lnminente · Mar. 12, 2009, 09:49 PM

Well, i'm actually doing all my cookies session-only except some i specify and blocking the ones from adsources. The problem is i'm doing it with an addon for FF and i would like to write something for people not using it. Maybe just removing "expires" and the other word (max-age or similar) from Set-Cookie header could do a sufficient but not perfect work, it would need some logging to see how it works.