I think it's short-sighted to call cookies an integral part of collaboration. I never needed flour, butter, and sugar to work with people before! Many sites work great without them. If my stock broker (Datek) can do it, so can OpenACS. I'd like to see some effort go into documenting how to set up a cookieless ACS site. I'm not (yet) a web guru, but I imagine that setting up a secure site and using the SSL session key as an identifier would be one way. Another way would be to encode the state in the URL, but to have particular pages that are bookmarkable. Setting up the public areas with stateful URLs and switching to using the authentication info when the user logs in would be another. I have to set up some sites that will be used by ornery professors from dozens of countries. Life will be much easier if I can avoid cookies and the complaints I'll receive if I use them. There are so many good sites done without cookies, and so many privacy concerns related to them, that it really behooves us to use our noggins and think our ways around them. Having done time at MIT, I know the folks at LCS are up to it, and I'm a little surprised that cookie evangelism is coming out of the cradle of the LPF and FSF.
All of this would be so much less of an issue if Netscape would just put in a cookie configurator that would allow you to accept or deny cookies from particular sources, and query for the rest.
--jh--
