- From: Mike West <notifications@github.com>
- Date: Wed, 12 Aug 2015 01:25:15 -0700
- To: whatwg/storage <storage@noreply.github.com>
Received on Wednesday, 12 August 2015 08:25:43 UTC
The big issue with cookies is that they aren't origin-scoped. That is, `subdomain.example.com` has distinct localstorage with `other.example.com`, but shares `.example.com` cookies. It's not clear that there's a good way to model that in an origin-based system. `Clear-Site-Data` currently says something like what you're suggesting, @davidsgrogan, in https://w3c.github.io/webappsec/specs/clear-site-data/#clear-cookies. It's not really clear to me whether that's the right answer, but it's at least internally consistent. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/storage/issues/8#issuecomment-130214717
Received on Wednesday, 12 August 2015 08:25:43 UTC