State or Confusion (was:RE: [thelist] Pop-up when user leaves sit e.)

Peter-Paul Koch gassinaumasis at
Tue May 22 03:50:49 CDT 2001

>Thanks, err, Mr. Koch. (How shall I address you, sir?)

Eventually everyone end up saying 'ppk', though I admit 'Mr. Koch' is rather 
stylish <g>.

>I might think, then, that the security mechanism is what is prohibitive 
>about reading it out.

Yes, this is a security feature. The purpose is to prevent reading out too 
much information about the user. If the mechanism weren't there, I could 
easily write a script that goes through the other open browser windows, 
notes what pages are shown and thus allow me to create a profile of the user 
and sell it to advertisers. No go.

>So, generally speaking, it would seem that site-experience management is 
>not very well developed in the web model.

What do you mean by 'site-experience'?

>As deke points out in his latest post, the web is stateless. What I wonder 
>is the usefulness of capturing the transition from one site to another.

At the very beginning of the WWW, it was determined that the HTTP protocol 
would be state-less, which basically means that it doesn't remember 
anything. Any HTTP request that asks for a page, is new to the server.

Meanwhile cookies and session variables have been invented to allow one 
server to keep track of what a visitor has done, but this doesn't work 
cross-domain. Besides, as you will note, this is an extra feature built on 
top of the statelessness of the WWW.

>Perhaps in terms of security, privacy, credibility, etc., it may be useful 
>to know of transitions from and to other sites. But, wait, maybe this is 
>where third-party certification steps in...

 From a privacy point of view this is *not* useful to know, it actively 
endangers privacy as we see it now.

As to security, you shouldn't let your security model hinge on where a user 
comes from. Passwords and such are a much better idea.

Credibility: don't know what you mean.

Anyway, this whole model is based on the statelessness of HTTP. 
Statelessness wasn't invented to protect privacy, it was done to keep the 
tasks of a WWW server simple, but it serves rather well in protecting 

>BTW, is this level of <euphemism>abstract thinking</euphemism> allowed in 
>this list?

I should hope so!

Get Your Private, Free E-mail from MSN Hotmail at

More information about the thelist mailing list