W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Revising RFC6265 ("Cookies")

From: Willy Tarreau <w@1wt.eu>
Date: Sat, 14 Nov 2015 08:43:55 +0100
To: Daniel Stenberg <daniel@haxx.se>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Mike West <mkwst@google.com>
Message-ID: <20151114074355.GC28673@1wt.eu>
On Fri, Nov 13, 2015 at 09:01:43AM +0100, Daniel Stenberg wrote:
> On Fri, 13 Nov 2015, Mark Nottingham wrote:
> >* Our Area Director generally supports us taking on work on this 
> >specification.
> I'm very positive to this!
> >* Many have argued that RFC6265 was more successful than previous efforts 
> >because it restricted itself to documenting current behaviours, rather 
> >than speculatively adopting what seems like "good ideas" at the time.
> I would agree. Writing down how the world looks is much easier than trying 
> to agree on a way how it should be improved.

Same here. 2965 was a failure because it tried to restart from scratch
with something clean, and nobody really adopted Cookie2.

> To me, the most sensible way forward is to change cookies in a way that the 
> existing server implementations keep working (mostly) the same and only 
> introduce changes that will make cookies better for the ones that adopt the 
> news. That will then also avoid us having browsers break popular lagacy 
> sites to adopt the new cookie ways.

That's very important otherwise it will not work. Server-side people are
willing to adopt new standards if they know that what they do remains
compatible with older browsers and doesn't cause bad behaviours. But it
takes time because not every application or component is updated at the
same time.

Received on Saturday, 14 November 2015 07:44:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC