Comment Re:3rd-party cookies (Score 1) 109
" No web application, shopping cart, etc. should ever need to use them."
And how would you suggest keeping state over a stateless connection? The other options (hidden fields, or a GUID in the URL) are at best no more secure than using a session cookie, in many cases they are far riskier to use.
Also, all modern browsers will only send a cookie to the same domain that set the cookie. Even if a facebook cookie is set on my browser, the browser will only send the cookie to the facebook domain... so unless there is an embedded facebook script on the page, your browser will absolutely not send facebook cookies to anyone.
Cookies are absolutely not the problem, the vast array of sites installing facebook tracking scripts on their pages is the problem.
And how would you suggest keeping state over a stateless connection? The other options (hidden fields, or a GUID in the URL) are at best no more secure than using a session cookie, in many cases they are far riskier to use.
Also, all modern browsers will only send a cookie to the same domain that set the cookie. Even if a facebook cookie is set on my browser, the browser will only send the cookie to the facebook domain... so unless there is an embedded facebook script on the page, your browser will absolutely not send facebook cookies to anyone.
Cookies are absolutely not the problem, the vast array of sites installing facebook tracking scripts on their pages is the problem.