W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2018

Some half-baked thoughts about cookies.

From: Mike West <mkwst@google.com>
Date: Tue, 14 Aug 2018 12:38:24 +0200
Message-ID: <CAKXHy=d6EaSO-SKRTEVDWfBcgf_FoFBj2gN4xmrR5q79yxSpXw@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Hey folks,

https://github.com/mikewest/http-state-tokens suggests that we should
introduce a client-controlled, origin-bound, HTTPS-only session identifier
for network-level state management. And eventually deprecate cookies.

I think there's a conversation here worth having, and this group has
thought a lot about the space over the last decade or two. I'd appreciate
y'all's feedback, both about the problems the document discusses with
regard to cookies as they exist today, and about the sketchy proposal it
advances about managing HTTP state in the future.


Received on Tuesday, 14 August 2018 10:46:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 14 August 2018 10:46:19 UTC