
Re: [whatwg] Cross-Origin Cookies Sharing Proposal

From: Huan Du <dh20156@gmail.com>
Date: Sat, 22 Jun 2013 11:00:36 +0800
Message-ID: <CAMBN-K6sPJkxdc-EjTKDvX9ioBn5MDO0umtGUiDpKTHBuOetcw@mail.gmail.com>
To: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
Cc: 程劭非 <csf178@gmail.com>, whatwg@whatwg.org, 一丝冰凉 <yiorsi@gmail.com>, public-webappsec@w3.org, Kang-Hao Lu <kennyluck@w3.org>

Nils,

Thanks for your feedback.

There are at least 3 web sites in Alibaba: taobao.com, tmall.com, etao.com.
All of them are using the same account management system, including sign up
and sign in.

The requirement is simple for the account management system. When user A
has signed in to taobao.com, we expect A to be signed in to tmall.com and etao.com.

Regards,
Charlie

2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>

> Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:
>
> > As privacy awareness becomes prevalent, the trend is that future
> > browsers are going to ban third-party Cookies by default.
> >
> > This is a good thing for users, but for giant internet companies,
> > this no doubt increases the difficulty and complexity of
> > implementing user session synchronization.
>
> I have a suspicion that the only thing that cannot be done easily
> without cookies is tracking - that is, pretending that a user has an
> account, but ensuring that she has not made that choice consciously.
>
> Everything else, so it seems to me, can be done RESTful. Am I wrong?
>
> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
> > indicate which domains it would like to share Cookies with?
> >
> > The user account management system of Alibaba has encountered this
> > issue and been troubled by this issue. If there's a proposal like
> > this, it would be very nice.
>
> Can you elaborate? Why would an account management system need sessions?
>
> --
> Nils Dagsson Moskopp // erlehmann
> <http://dieweltistgarnichtso.net>
>
Received on Saturday, 22 June 2013 03:01:00 UTC
