Some half-baked thoughts about cookies. from Mike West on 2018-08-14 (ietf-http-wg@w3.org from July to September 2018)

From: Mike West <mkwst@google.com>
Date: Tue, 14 Aug 2018 12:38:24 +0200
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAKXHy=d6EaSO-SKRTEVDWfBcgf_FoFBj2gN4xmrR5q79yxSpXw@mail.gmail.com>

Hey folks,

https://github.com/mikewest/http-state-tokens suggests that we should
introduce a client-controlled, origin-bound, HTTPS-only session identifier
for network-level state management. And eventually deprecate cookies.

I think there's a conversation here worth having, and this group has
thought a lot about the space over the last decade or two. I'd appreciate
y'all's feedback, both about the problems the document discusses with
regard to cookies as they exist today, and about the sketchy proposal it
advances about managing HTTP state in the future.

Thanks!

-mike

Received on Tuesday, 14 August 2018 10:46:18 UTC