- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sat, 13 Jul 2013 23:40:19 +0100
- To: Yoav Nir <ynir@checkpoint.com>
- CC: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, Sam Pullara <spullara@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Its a bit of a moot point I guess but... On 07/13/2013 09:24 PM, Yoav Nir wrote: > allow it to persist for as long as you want I've always been amused that HTTP needs to be able to manage state for decades. It'd be truly impressive if a browser really managed state that lasts far longer than the h/w on either side and probably also longer than any piece of n/w kit in between. If HTTP/2.0 were to impose an upper bound on cookie lifetime of say, a session, that'd be good IMO. But I guess that probably would be out of charter, even if it'd be a good thing, as it'd break stuff. OTOH, it'd arguably be a good thing to leave such stuff behind when moving to HTTP/2.0. Anyway, unless there's a groundswell of wg opinion that cookies that expire in years are plain stupid and are just not doing HTTP state management, I'll probably shut up about it. S. PS: Yes, I know that forcing all cookies to be session cookies would not be a panacea. Doesn't mean it wouldn't be a good thing though.
Received on Saturday, 13 July 2013 22:40:46 UTC