- From: Martin Thomson <mt@lowentropy.net>
- Date: Sat, 22 Mar 2025 03:54:51 +0700
- To: "Yoav Weiss" <yoav.weiss@shopify.com>, "Rory Hewitt" <rory.hewitt@gmail.com>
- Cc: "Daniel Stenberg" <daniel@haxx.se>, "Willy Tarreau" <w@1wt.eu>, "Daniel Veditz" <dveditz@mozilla.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
On Fri, Mar 21, 2025, at 23:49, Yoav Weiss wrote: > I don't necessarily see a use case for this (and the same effect can be > achieved by setting an expired cookie, right?) > So I'd prefer to keep things as simple as possible and not go that > route. I agree. The simplest design here deletes all cookies with a matching name. Limited, of course, to those that can be read/set. Sites that rely on path or domain to separate cookies of the same name - and want to delete some, but not all - won’t be able to do that. They will have to use Set-Cookie. That seems fine to me. We don’t have to define a solution that is perfectly general.
Received on Friday, 21 March 2025 20:55:17 UTC