How often does this happen to you: although you have accepted all cookies, clicked on “log me in automatically”, made Mozilla store the password, you’re asked for identification over and over again. Two examples where this always happens (at least to me) are eBay and Amazon.
I guess one of the reasons for this is that cookies were not meant to be used for such advanced purposes.
Major weaknesses of cookies:
- Considered harmful, often browsers or companies block cookies
- Expire at non-obvious times
- Can easily be deleted accidentally
- Can you remember each username/password combo for every cookie you allowed?
- Not multi-user / multi-identity capable (I have a private and a business identity at eBay, for example)
So, why has nobody come up with a better identity store yet? I mean, it’s no rocket science, is it? Why not create an application type that every browser can implement and does all these things? it could allow for different levels of security for each site requesting identity: log me in automatically, ask me, let me chose an identity, block the site. Data might be stored on the hard disk or on a token, or be relayed to a web store.
What do you think – how come that there is nothing better than cookies today – it’s 2004 already!