W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Proposal: Cookie Priorities

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 4 Mar 2016 11:53:23 +1100
Message-ID: <CABkgnnWd-cyTiX1dt_bOOjHYZ0OMzJ-tqcwv0=nF60PJuj=tEA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 4 March 2016 at 11:02, Mark Nottingham <mnot@mnot.net> wrote:
> What do folks -- both other browser implementers and site folks -- think about this?


This is a pretty nice hole Google dug for themselves.  Though I have
heard the same from folks at other similarly large and crufty
organizations; it's a real problem.

I have a small suggestion:

if (request.url.scheme == 'http') {
  cookie.priority = 'floor';
}

Related story, I believe that some of those people run servers that
forcibly evict all cookies other than those on a small whitelist to
prevent this sort of craziness.  That turns out to have beneficial
properties.
Received on Friday, 4 March 2016 01:01:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC