I've seen a number of companies I've worked with using a combination of Web
Storage and Local Storage to store state info locally on the browser,
updating it using a cookie which has a Base64-encoded value. It obviates
the need to pass every cookie back and forth with every request/response
and it ensures that the cookie contains only a subset of (always allowed)
characters. These customers wrote client code to handle updates to
webStorage and localStorage in a similar manner to how they read/update
cookies.

I'm wondering whether there could be some browser support for a standard
mechanism like this, which uses domain-specific protected portions of
browser storage...

On Wed, Dec 4, 2024 at 6:01 PM Daniel Veditz <dveditz@mozilla.com> wrote:
> On Mon, Dec 2, 2024 at 10:28 PM Willy Tarreau <w@1wt.eu> wrote:
>
>> Among the needs I've identified quite a few times in the field [...]
>>
>> 2. the difficulty to store arbitrarily long cookies
>
> That should be more than difficult: the cookie specs have always
> explicitly forbidden arbitrarily long cookies. The practical limits imposed
> by servers and the network are even less than the spec allows.
>
>> 3. the difficulty to purge all cookies associated with a given session
>
> A `Clear-site-data: cookies` response header will do that in browsers
> these days, if "given session" means all the cookies for the entire domain
> and not some subset of that.
>
> -Dan Veditz
>
--
Rory Hewitt
https://www.linkedin.com/in/roryhewitt
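
The pattern described in the message above (a Base64-encoded cookie used to update state held in browser storage), sketched as an added example that is not part of the original thread and not any company's actual code. The cookie name, the JSON payload format, the key allow-list and the size cap are all assumptions; `storage` is anything with a `setItem` method, such as `localStorage`.

```javascript
// Added example: all names here (state_update, ALLOWED_KEYS, applyStateCookie)
// are hypothetical; the thread does not specify a cookie name or payload format.
const COOKIE_NAME = "state_update";
const MAX_B64_LEN = 4096; // assumed cap, close to common per-cookie size limits
const ALLOWED_KEYS = new Set(["theme", "cartCount", "lastView"]);

// Return the raw value of one cookie from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Decode standard Base64 to a UTF-8 string; throws on malformed or oversized input.
function decodeB64Utf8(b64) {
  if (b64.length > MAX_B64_LEN || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    throw new Error("not acceptable Base64");
  }
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Merge the cookie's update into storage (anything with setItem, e.g. localStorage).
// Returns the list of keys written; an invalid cookie changes nothing.
function applyStateCookie(cookieString, storage) {
  const raw = readCookie(cookieString, COOKIE_NAME);
  if (raw === null) return [];
  let update;
  try {
    update = JSON.parse(decodeB64Utf8(raw));
  } catch {
    return [];
  }
  if (update === null || typeof update !== "object" || Array.isArray(update)) return [];
  const written = [];
  for (const [key, value] of Object.entries(update)) {
    // Only known keys with primitive values are stored; everything else is dropped.
    if (!ALLOWED_KEYS.has(key) || !["string", "number", "boolean"].includes(typeof value)) continue;
    storage.setItem(key, String(value));
    written.push(key);
  }
  return written;
}

// Constructed sample cookie string (not captured traffic).
const SAMPLE_PAYLOAD = btoa(JSON.stringify({ theme: "dark", cartCount: 3, admin: true }));
const SAMPLE_COOKIES = "sid=abc; state_update=" + SAMPLE_PAYLOAD;
```

A cookie read this way cannot be `HttpOnly`, so the decoded value is client-visible data and is validated before it is stored.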