
[whatwg] Web Storage: apparent contradiction in spec

From: Mike Shaver <mike.shaver@gmail.com>
Date: Mon, 31 Aug 2009 15:21:00 -0400
Message-ID: <cc092ba00908311221je54185ct904b5d04f8b4a502@mail.gmail.com>

On Mon, Aug 31, 2009 at 6:11 AM, Ian Hickson <ian at hixie.ch> wrote:
> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks. Maintaining
> the user's expectations of privacy is critical.

By that reasoning we can't treat cookies differently from the HTTP
cache (ETag) or history (URIs with session IDs), I think.  I don't
know of any UAs that expire history/cookie/cache in sync to avoid
correlations -- if it's even possible to do so -- and I don't think
I've seen any bugs asking Firefox to do so.

Received on Monday, 31 August 2009 12:21:00 UTC
