Someone came across one of my web pages wherein I laud Konqueror's cookie handling, and sent me the suggestion below. I thought I'd forward it to the list to put the idea on Konq developers' radar screens. See the mocked-up screenshot in particular. (My $0.02 is that I like having the current (quasi-)modal dialog because I can reflexively hit alt-R; but a non-modal cookie interface would be a good idea as the default, with the pop-up dialog as a configurable option.) ~k ---------- Forwarded message ---------- Date: Wed, 9 Oct 2002 23:09:15 -0400 From: Robert Lee To: klee@cs.washington.edu Subject: Cookie Management... Re: http://www.cs.washington.edu/homes/klee/kde/cookies.html I agree 100%! I think the same mechanism can be applied to other invasive or potentially malicious technologies as well. Like when a document tries to automatically open new windows or when a document attempts to redirect you (and so on...). The one issue I have with KDE's alert mechanism (and any prompt in general), is its modality. The user must stop what he or she is doing in order to respond to the alert. I've drawn up a mock-up of a mechanism that has very similar functionality but is non-modal. http://www.lostcommunity.org/images/cookies.jpg (243kB) Of course, I based that on Internet Explorer not Konqueror but the principle is that the cookie is disabled while the user is presented with a non-modal prompt in a seperate area of the window. If the user chooses to ignore the prompt, the cookie is rejected by default. The prompt may auto-hide when the user navigates to a new page. I would also add the option for "Delete this cookie when I close this window." I would also display the name of the cookie, its value and its expiration date. If multiple cookies are received at the same time, the cookies can be listed in the panel (seperated by an HR tag) and a scroll bar added. This allows the user to scroll through a list and deal with each request individually. Other browser requests (such as those for running JScripts, running ActiveX controls, downloading files, sending email and so on) can also be listed here. I would agree that browser programmers need to start taking security more seriously. Of course, they also need to understand that if the user gets a "Cookie Alert" modal dialog every time they visit a page, the user may become likely to disable the feature. Just my $0.02. Oh, and great web site by the way. -Robert Lee