James A. Donald writes: > Although websites often use huge numbers of huge cookies, one can > easily optimize one's cookie use. I can see no reason why anyone > would ever need more than a single 96 bit cookie that is a random > number.
They might want to make the content and purpose of the cookie transparent to the user, and perhaps even reassure the user that the cookie can't easily be used as a unique identifier for the user's browser. On the flip side, there are also some mechanisms to store authenticated, encrypted session state in its entirety on the client in order to _avoid_ storing it in a database on the server. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
