W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Defining First and Third Party Cookies

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Wed, 20 Jan 2016 07:41:10 +1000
Message-ID: <CACweHNBaJHFT9B=fd3siXw0WmMrM_kA+mt5sLFAg4yhK3dc4bQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, "Roy T. Fielding" <fielding@gbiv.com>
On 19/01/2016 10:15 PM, "Mike West" <mkwst@google.com> wrote:
> On Mon, Jan 18, 2016 at 11:52 PM, Matthew Kerwin <matthew@kerwin.net.au>
>> * local / remote cookies
>> * internal / external cookies
>> The English words are pretty open, and AFAIK they're not really used in
this domain, so there's hopefully less chance of them carrying particular
arbitrary definitions for folk who encounter them (unlike "site" which
means many things to many people.)
> I think most words are going to carry some baggage, "internal",
"external", "local", and "remote" included. I mean, all cookies are
"external" in the sense that they're sent out there to the public internet,
and all cookies are "local" in that they're stored on my hard drive. We can
define those terms in this context to mean something else, certainly, but
we could also solidify the definition of "site" as it applies to cookies.

Fair enough.

>> That means the definition we write will be the first/true one.
> Except insofar as the world has already settled on
"first-party"/"third-party". :) Colloquial usage of those terms is fairly
pervasive (see Chrome, Firefox, and Edge's settings pages, as well as
RFC6265 itself). Lawyers aside, those are the "first" and "true"
definitions that exist status quo.
> Safari is the only browser I know of that avoids the "*-party"
terminology, settling for "Cookies from this website" and "websites I
visit", which lead me to "site" as a potentially viable option which has
similar connotations to the verbose-but-accurate "same-registrable-domain".

That makes sense. I'll happily go with whatever is settled on, I think I
like 'site'.

By the way, what happened to "second party" cookies?
Received on Tuesday, 19 January 2016 21:41:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC