- From: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
- Date: Fri, 21 Jun 2013 19:19:48 +0200
- To: Huan Du <dh20156@gmail.com>
- Cc: 程劭非 <csf178@gmail.com>, whatwg@whatwg.org, yiorsi@gmail.com, public-webappsec@w3.org, Kang-Hao Lu <kennyluck@w3.org>
Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800: > As privacy awareness becomes prevelant, the trend is that future > browsers are going to ban third-party Cookies by default. > > This is a good thing for users, but for giant internet companies, > this has no doubt increases the difficult and complexity of > implementing user session synchronization. I have a suspicion that the only thing that cannot be done easily without cookies is tracking – that is, pretending that a user has an account, but ensuring that she has not made that choice consciously. Everything else, so it seems to me, can be done RESTful. Am I wrong? > Is it possible to, like Cross-Origin Resource Sharing, allow a site to > indicate which domains it would like to share Cookies with? > > The user account management system of Alibaba have encountered this > issues and been troubled by this issue. It there's a proposal like > this, it would be very nice. Can you elaborate? Why would an account management system need sessions? -- Nils Dagsson Moskopp // erlehmann <http://dieweltistgarnichtso.net>
Received on Friday, 21 June 2013 17:20:22 UTC