W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Revising RFC6265 ("Cookies")

From: Cory Benfield <cory@lukasa.co.uk>
Date: Fri, 13 Nov 2015 11:20:06 +0000
Cc: Mark Nottingham <mnot@mnot.net>, Mike West <mkwst@google.com>, Daniel Stenberg <daniel@haxx.se>
Message-Id: <E3004578-B0BE-4886-88D9-66C0DC71BD34@lukasa.co.uk>
To: HTTP Working Group <ietf-http-wg@w3.org>

> On 13 Nov 2015, at 08:01, Daniel Stenberg <daniel@haxx.se> wrote:
> On Fri, 13 Nov 2015, Mark Nottingham wrote:
>> * Our Area Director generally supports us taking on work on this specification.
> I'm very positive to this!

Me too.

> To me, the most sensible way forward is to change cookies in a way that the existing server implementations keep working (mostly) the same and only introduce changes that will make cookies better for the ones that adopt the news. That will then also avoid us having browsers break popular lagacy sites to adopt the new cookie ways.

I think Daniel is right here. Cookies in general are a massive can of worms, and I have no confidence whatsoever that we’d be able to introduce sweeping breaking changes, or even really any breaking changes at all. Clients will likely be prepared to support the new hotness, whatever that is, but servers and applications will gain absolutely nothing by doing so and will therefore probably simply not do it. For that reason, clients would continue to *also* support cookies, which means the status quo would continue and we’d have gained nothing.

Speaking to call for intent to implement, I think this is reasonable as well. If the rest of the WG decides that these are useful enhancements, I’m willing to do the work to provide them in the Python world at the very least.


Received on Friday, 13 November 2015 11:20:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC