Re: fyi: Tab-level cookies for the browser from David Morris on 2009-07-29 (ietf-http-wg@w3.org from July to September 2009)

From: David Morris <dwm@xpasc.com>
Date: Wed, 29 Jul 2009 09:26:35 -0700 (PDT)
cc: HTTP Working Group <ietf-http-wg@w3.org>, Micah Lemonik <micah@google.com>
Message-ID: <Pine.LNX.4.64.0907290920120.3321@egate.xpasc.com>

I would prefer a solution which identifies some form of scope for cookies. 
This isn't a tab issue as the same problem exists for multiple browser 
windows. Browser tend to share cookies between all open windows. Certainly 
there are applications which open windows and/or other wise collaborate 
between windows which would want the cookie scope limited to more than one 
window.

On Wed, 29 Jul 2009, =JeffH wrote:

> 1. I did not originate the message Daniel Stenberg responds to, fwiw. Micah 
> Lemonik <micah@google.com> apparently originated it.
>
> 2. I overall agree with Daniel Stenberg's assessment.
>
>
> =JeffH
>
>
> Subject: Re: fyi: Tab-level cookies for the browser
> From: Daniel Stenberg <daniel@haxx.se>
> Date: Wed, 29 Jul 2009 13:46:12 +0200 (CEST)
> To: =JeffH <Jeff.Hodges@KingsMountain.com>
> Cc: HTTP Working Group <ietf-http-wg@w3.org>
>
> On Wed, 29 Jul 2009, =JeffH wrote:
>
>> We would like to propose the browser add tab-level cookies that will
>> override the global process-level cookie in a given tab. That is if a tab
>> override cookie is set on a particular tab, that cookie will be used in
>> place of the global cookie. Tab level cookies would last the lifetime of a
>> tab and would propagate to child tabs.
>
> [...]
>
>> I would love to hear feedback from this list on how this might work in
>> browsers and/or alternative solutions.
>
> I fail to see a way how the server can give any particular useful hints about
> the cookie like "This is suitable for a tab" or "This is for a whole 
> browser".
> After all, I would figure a browser could decided to do more or less *ALL*
> cookies separate in their own tabs.
>
> The problems for a browser inlcude how to know what cookies to save and which
> that would be used globally etc. I would assume that it would make separate
> cookie jars and let the user match jars with tabs or something. And possibly
> make one of the tab's jars become the global jar...
>
> I don't think this is a HTTP(-bis) issue. Even if the http-state list is
> mostly dead...
>
> -- 
>
>  / daniel.haxx.se
>

Received on Wednesday, 29 July 2009 16:27:21 UTC