Re: fyi: Tab-level cookies for the browser from Yngve N. Pettersen on 2009-07-29 (ietf-http-wg@w3.org from July to September 2009)

From: Yngve N. Pettersen <yngve@opera.com>
Date: Wed, 29 Jul 2009 23:14:05 +0200
To: "Bil Corry" <bil@corry.biz>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <op.uxuk9rt8kvaitl@lessa-ii>

On Wed, 29 Jul 2009 22:06:30 +0200, Bil Corry <bil@corry.biz> wrote:

> Yngve N. Pettersen wrote on 7/29/2009 1:04 PM:
>> As an example of why tab cookies would be a problem, my method of
>> surfing is to close the tabs when my task in them is completed, though I
>> know others work differently. I may have quite a few tabs open at a
>> time, but I close them when I no longer need them, and use bookmarks
>> when I want to go back to the site. Using tab-specific cookies would not
>> work for a user that work like I do. If I was logged into multiple
>> webmail accounts at a time, I'd like to arrive at a frontpage and select
>> the account(s) when I again opened up the webmail service.
>
> It may be I'm not correctly understanding the proposal or your  
> objection, but I'm not following the problem you presented.  Regardless  
> if you close an existing tab, opening a new tab will start the tab with  
> an empty tab-cookie jar and the site would require you log in again.   
> This may annoy those who like to close the tab, open a new one and be  
> automatically logged in, but I imagine that's up to the server to  
> consider when deciding to implement it.

Bil: The whole point about being logged into multiple webmail accounts at  
the same time in the same browser instance, is to be able to use them  
seamlessly in parallel, in multiple tabs. And you also want to be able to  
get back to all those accounts with aminimum amount of fuss.

The proposal is to use tabspecific session cookies to control which  
account is displayed in each tab.

My objection above (aside from the complexity issues) is that with that  
type of operation then my way of working, which is to close the tab when I  
am finished with it, as well as somebody accidentally closing a tab, mean  
I will most likely have to log in again in order to use the account again  
(I can think of ways that that can be avoided, but then you are already  
halfway to my URI path proposal). OTOH the whole point about being logged  
into multiple accounts is to avoid logging in again when you wan to change  
context to another account.

IMO there are probably several ways to allow a user to be logged into  
multiple accounts at the same time, without resorting to tabspecific  
cookies. One way is to store all information about the accessed accounts  
in the serverside state and use the URL path to determine which account is  
being used. There may be other methods as well. The benefit of these  
methods is that it will work in older clients as well.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Received on Wednesday, 29 July 2009 21:14:52 UTC