obnoxious cookie requirement

[zefram@…]

When submitting a new ticket via the web form that I'm using right now, Trac falls over and fails to log the ticket if my browser is configured to not process cookies (which is the usual state for me). I'm just performing a single submission here, all the information in one form, so there's no *use* for cookies, let alone any reason to *require* them. This requirement for me to reconfigure my browser is obnoxious, giving a poor first impression of Trac.

[anonymous]

• the trac_session cookie is used for persisting user preferences, like your name and e-mail address and other user preferences, so that you won't have to enter them over and over again
• the trac_form_token cookie is used to protect us against scripted form submission. If you known about another technique to achieve the same effect, we're all ears ;-)

I don't see us changing that, sorry for the first poor experience.

[zefram@…]

Re trac_session, that's a perfectly acceptable use of cookies, but quite irrelevant in my case since I hadn't entered any user preferences. There's no reason for this cookie to be mandatory.

Re trac_form_token, you think it's impossible for a script to collect and regurgitate a cookie? Of course, if it *were* posssible to prevent scripted form submission, you wouldn't just be preventing comment spam, you'd also be preventing the worthy use of a scripting layer to overcome the clunkiness of the web interface.

"Deliberately obnoxious" doesn't strike me as a good attitude for a bug tracker. It's noted, and opinion duly formed.

[Remy Blank]

Replying to zefram@…:

"Deliberately obnoxious" doesn't strike me as a good attitude for a bug tracker. It's noted, and opinion duly formed.

Trolling isn't a very efficient way of being taken seriously either. Noted, too, but opinion still pending due to insufficient input.