- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Wed, 29 Aug 2018 09:52:51 -0700
- To: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Wednesday, 29 August 2018 16:53:35 UTC
On Wed, Aug 29, 2018 at 2:05 AM, Martin J. Dürst <duerst@it.aoyama.ac.jp> wrote: > On Tue, Aug 28, 2018 at 10:02:34AM -0700, Daniel Veditz wrote: > >> >>> No asking! Opinionated browsers could >>> [impose a shorter max-age] today if they wanted to >>> >> > From everything I have heard about users and browsers, my guess is that > users would blame the browser and switch to another browser. > If it's too short, sure. The length would be a decision the browser vendor ought to make carefully based on data and user studies. The default would no doubt have to be longer than the more privacy-conscious users would want which is why a user-adjustable setting would be nice. I'm confident users wouldn't even notice a cap of a year, for example, and that's a lot shorter than the many "expires in 2038" cookies I see. What about a month? Probably fine. A week? I think users would start noticing and get annoyed. But that's just guessing and such a decision shouldn't be based on guesses. - Dan Veditz
Received on Wednesday, 29 August 2018 16:53:35 UTC