Welcome to WebmasterWorld Guest from 54.147.44.13

Forum Moderators: open

Message Too Old, No Replies

GMail requires cookies ...

Is this a product of commercial scale

     
8:02 pm on Aug 6, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2003
posts:450
votes: 0


I am able to logon to almost every email account from this public computer that I am using today.. my work email, yahoo, hotmail.
I am even logged on to webmasterworld..

But when I try to logon to my gmail account, I get following message:

""Your browser's cookie functionality is turned off. Please turn it on.""

I don't this its a commercial product. Google just created this "gmail" to add another product in their list of products before going for IPO.

SDani

4:03 pm on Aug 8, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 21, 2004
posts:76
votes: 0


Well it is still in Beta, so there are still bugs im sure. I use my account everyday and it works great, ive only had one problem while testing it on a Mac in Safari.
4:41 pm on Aug 8, 2004 (gmt 0)

Full Member

10+ Year Member

joined:June 6, 2003
posts:211
votes: 0


the WWW is stateless. You make connections to a web server, grab the requested info, then drop the connection.

Add to it that more than one person can browse from an IP... and it's close to impossible to be able to deal with login systems without cookies to identify a user's session.

From what you describe, it sounds like you do have cookies enabled. It could be a temporary error with gmail. Try it again and see if it works.

2:13 pm on Aug 10, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2004
posts:1679
votes: 0


and it's close to impossible to be able to deal with login systems without cookies to identify a user's session.

Well you can keep sessionID as part of all URLs and forms on generated pages. This is certainly something not particularly attractive from search engine indexing point of view (same URLs appear to be unique), but pretty acceptable for those private accesses that require user authentication.

2:23 pm on Aug 10, 2004 (gmt 0)

Full Member

10+ Year Member

joined:June 6, 2003
posts:211
votes: 0


true - but more than being ugly, it also allows someone to paste a url to someone else and the second user to then have the first person's access.
2:27 pm on Aug 10, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2004
posts:1679
votes: 0


true - but more than being ugly, it also allows someone to paste a url to someone else and the second user to then have the first person's access.

Not if sessionID is linked to IP address with short expiration. Yes its not nice, but certainly not impossible, which is the point I am making. Content that require authentication should not be shared by users in form of passing direct URL anyway.

The reason (as I see it) GMail wants cookies is not of technical impossibility to workaround it, but that these cookies are essential for non-session tracking capabilities.

Linking together cookied searches should generate pretty rich data for targeting purposes, but linking these to actual people with valid email addresses is even more important as it will allow to actually run nice targeted campaigns.

2:37 pm on Aug 10, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2003
posts:450
votes: 0


Check my original post again .. If Webmasterworld and Yahoo can establish session on a machine.. it is suprising that google's GMAL can not do that.

Sdani

2:39 pm on Aug 10, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Mar 8, 2004
posts:311
votes: 0


Not if sessionID is linked to IP address with short expiration.

That will break in a number of situations. 1 user does not equal 1 IP, and 1 IP does not equal 1 user.

2:47 pm on Aug 10, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2004
posts:1679
votes: 0


That will break in a number of situations. 1 user does not equal 1 IP, and 1 IP does not equal 1 user.

Agreed its not perfect. Note that it requires sessionID to be present in each URL request - it won't work if you go directly to site which will not recognise you. In order for 2 people on the same IP (corporate proxy) to see the same content that require authentication both people will need to have the same correct cryptographically strong sessionID, so user A will have to share it with user B, or user B will have to obtain it using some other means (that can allow to obtain other authentication info as well).

As I said - not perfect, not acceptable for high security situations (like online banking), but certainly a substitute for cookies in some scenarios (mobile browsers not supporting cookies?!?). I certainly do not advocate it, merely commenting about alleged "technical impossibility".

2:53 pm on Aug 10, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2003
posts:450
votes: 0


OK .. I tried again.. I blocked ALL coookies from my browser, and none of the three work (webmasterworld, yahoo mail and gmail).

So it must be different levels of cookie requiremenst when I first tried from that lab computer and only gmail did not work. Gmail was working for another guy sitting next to me.. so it was not a network problem.. it was some security setting on the desktop, which Yahoo and Webmasterworld did not care, but gmail did.

sdani

3:04 pm on Aug 10, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2004
posts:1679
votes: 0


which Yahoo and Webmasterworld did not care, but gmail did.

If security is involved then its client's issue, not servers. Most likely some IE6 security setting regarding cookies, think by default 3rd party will be blocked unless P2P policy is in place.

3:11 pm on Aug 10, 2004 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9063
votes: 2


As others have mentioned, Gmail is a limited-availability release, so you can expect some problems.

Have you contacted Gmail support?