Re: [whatwg/storage] Classify cookies as site storage (#8) from Daniel Murphy on 2016-04-21 (public-webapps-github@w3.org from April 2016)

From: Daniel Murphy <notifications@github.com>
Date: Thu, 21 Apr 2016 10:48:30 -0700
To: whatwg/storage <storage@noreply.github.com>
Cc:
Message-ID: <whatwg/storage/issues/8/213035708@github.com>

Ah, so, just to chime in here:

We determined that the only 'safe' way to keep or clear cookies is treat them on a 'registerable domain' scope. This means, basically, eTLD+1. So if you're keeping cookies for a site, you need to keep all cookies for that registerable domain, and if you want to clear, you have to clear all cookies for that registerable domain.

Sites often do this kind of cookie usage/communication: plus.google.com -> google.com -> accounts.google.com. So clear accounts.google.com would kill all google sites (at the very least log you out). Websites don't expect this state to happen, so while google might make things technically still work, other sites might be in a permanently broken state until all cookies are cleared.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/storage/issues/8#issuecomment-213035708

Received on Thursday, 21 April 2016 17:48:57 UTC