Re: [whatwg/fetch] Allow connection reuse for request without credentials when TLS client auth is not in use (#341) from Anne van Kesteren on 2017-02-27 (public-webapps-github@w3.org from February 2017)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 27 Feb 2017 14:18:14 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/341/282874814@github.com>

I wasn't necessarily even talking about H/2 connection coalescing. More whether that example could use two rather than three connections and whether that would leak more somehow. But one or two or three is also interesting to consider of course.

As for `tracker.example`, I don't quite understand the connection reuse for the non-credentialed socket pool. It seems you could track users than across origin visits by carefully keeping track of the connection or maybe TLS session identifiers (assuming you're embedded often enough). I guess the tradeoff is that it's only for a session and not as long as a cookie.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/341#issuecomment-282874814

Received on Monday, 27 February 2017 22:19:29 UTC