Re: Proposal: Cookie Priorities

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 4 Mar 2016 11:56:35 +1100
Cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <ECAC4E56-9B8B-4295-A927-D6CF5447A33A@mnot.net>
To: Martin Thomson <martin.thomson@gmail.com>

> On 4 Mar 2016, at 11:53 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 4 March 2016 at 11:02, Mark Nottingham <mnot@mnot.net> wrote:
>> What do folks -- both other browser implementers and site folks -- think about this?
> 
> 
> This is a pretty nice hole Google dug for themselves.  Though I have
> heard the same from folks at other similarly large and crufty
> organizations; it's a real problem.

FWIW - this has been my observation as well (explicitly not pointing fingers :)


> I have a small suggestion:
> 
> if (request.url.scheme == 'http') {
>  cookie.priority = 'floor';
> }
> 
> Related story, I believe that some of those people run servers that
> forcibly evict all cookies other than those on a small whitelist to
> prevent this sort of craziness.  That turns out to have beneficial
> properties.

--
Mark Nottingham   https://www.mnot.net/
Received on Friday, 4 March 2016 00:57:50 UTC
