Have you ever seen two lawyer argue over what "strictly necessary" means? One would claim that ad serving cookies are always "strictly necessary" to an online business, the other would argue that cookies are never "strictly necessary" because you can replicate most cookie functionality with a "?sessionid=12354" header in a GET request.
Indeed "strictly necessary" to achieve what? If it doesn't tell you then that leaves a hole the size of reality in the law through which many truckloads of lawyers salary can pass.
Strange how all those lawyers aiding the writing of the law would miss such a thing ...!?!
> you can replicate most cookie functionality with a "?sessionid=12354" header in a GET request.
That is very very risky. Let's say that [popular-site-with-logins] is hosted in EU and switches to ?sessionid=... style. Now people start sharing links to their content in the "normal" way (select url, copy, paste) and suddenly you have problems with random users being logged in as someone else. (or you have to limit session to ip, which annoys mobile users)
Indeed "strictly necessary" to achieve what? If it doesn't tell you then that leaves a whole the size of reality in the law through which many truckloads of lawyers salary can pass.
Strange how all those lawyers aiding the writing of the law would miss such a thing ...!?!
Indeed "strictly necessary" to achieve what? If it doesn't tell you then that leaves a whole the size of reality in the law through which many truckloads of lawyers salary can pass.
Strange how all those lawyers aiding the writing of the law would miss such a thing ...!?!
