W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: HTTP router point-of-view concerns

From: Willy Tarreau <w@1wt.eu>
Date: Sat, 13 Jul 2013 21:12:02 +0200
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Sam Pullara <spullara@gmail.com>, Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20130713191202.GN32054@1wt.eu>
On Sat, Jul 13, 2013 at 06:43:20PM +0000, Poul-Henning Kamp wrote:
> In message <20130713173222.GM32054@1wt.eu>, Willy Tarreau writes:
> >On Sat, Jul 13, 2013 at 09:49:42AM -0700, Sam Pullara wrote:
> >I'm sorry, but cookies are *not* evil. 
> Cookies are not evil, but they cause problems which HTTP/2.0 does not
> need to cause.
> "Automatic EU Cookie directive compliance" would be a really great
> selling point.
> >We could possibly support very short cookies (eg: 16 bit). That should be
> >enough for most large deployments, and clearly not enough to track users.
> I think it is smarter to both solve the cookie and session problems with
> a single field.

No problem but we really need the server side to be able to adjust
part of this field. If we have a 128-bit session ID whose 16 first
bits are preset to zero by the client and may be changed by the
server, we can most likely replace the existing cookie system (it
will also permit servers to handle some of the duplicates that
clients would inevitably cause).

Received on Saturday, 13 July 2013 19:14:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC