w3c / dnt

Archive of DNT deliverables
https://www.w3.org/TR/tracking-dnt/

Purposes Extension: Including Cookies on TSR request? #88

Open jasonanovak opened 5 years ago

jasonanovak commented 5 years ago

In the July 23, 2018 Editor's Draft of Tracking Preference Expression (DNT)- Purposes Extension Addendum, the Introduction says:

Cookie headers will be present in the TSR request, and servers can determine from these what purposes the user has agreed to, and present them in a human-readable document pointed to by a new "purposes" TSR property.

Why are cookie headers in the request before the actual TSR? That, to me, seems to allow for tracking before consent.

michael-oneill commented 5 years ago

The TPE already says (https://www.w3.org/TR/tracking-dnt/#status-checks-not-tracked) that cookies should be sent in the TSR request so that the server can determine the current tracking status, and as they are there, the server can also use them to recall the purposes explained and agreed to when consent was given. The TPE requires that web activity gleaned from the incoming TSR request has to be discarded, whether DNT is 1 or 0, and cookies MUST never be placed by the response.

I have changed the paragraph to reference the TPE and added a reference to the DNT extension as potentially a more reliable method than cookies.
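
The behaviour discussed in this thread, as an added example that is not part of the thread or of the W3C drafts: a TSR handler that reads the incoming Cookie header only to pick the tracking status and the "purposes" link, plus a check that a TSR response carries no cookie-setting header. The cookie name `dnt_consent`, the purposes URL pattern, and the choice of answering "C" with consent and "N" otherwise are assumptions made for illustration.

```python
import json
from http.cookies import SimpleCookie

# Assumptions for illustration (not taken from the TPE or the thread):
CONSENT_COOKIE = "dnt_consent"  # hypothetical cookie recording prior consent
PURPOSES_URL = "https://example.com/purposes/{id}"  # hypothetical document URL


def build_tsr_response(cookie_header):
    """Build the reply to a TSR request using only the Cookie header.

    Nothing from the request is stored or logged, and the returned
    headers never include Set-Cookie.
    """
    cookies = SimpleCookie()
    cookies.load(cookie_header or "")
    consent = cookies.get(CONSENT_COOKIE)
    # Only accept a simple alphanumeric consent id before echoing it in a URL.
    if consent is not None and consent.value.isalnum():
        body = {
            "tracking": "C",  # tracking with consent
            "purposes": PURPOSES_URL.format(id=consent.value),
        }
    else:
        body = {"tracking": "N"}  # no consent on record: not tracking
    headers = [("Content-Type", "application/tracking-status+json")]
    return headers, json.dumps(body)


def tsr_header_violations(headers):
    """Return the response header names that a TSR response must not carry."""
    banned = {"set-cookie", "set-cookie2"}
    return [name for name, _ in headers if name.lower() in banned]


if __name__ == "__main__":
    # Constructed sample Cookie header, as sent with a TSR request.
    hdrs, payload = build_tsr_response("sid=abc; dnt_consent=p42")
    print(payload, tsr_header_violations(hdrs))
```

Running `tsr_header_violations` over captured responses for the tracking status resource is a quick way to audit a deployment against the "no cookies placed by the response" rule.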