Re: [w3ctag/design-reviews] HTTP State Tokens (#297) from michael-oneill on 2019-04-09 (public-webapps-github@w3.org from April 2019)

From: michael-oneill <notifications@github.com>
Date: Tue, 09 Apr 2019 02:05:53 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/297/481167857@github.com>

Another thought: why not allow the expiry be delayed  by resetting on user activity, key strokes etc. So the token stays alive while there is an active session, then times out after an hour. The default duration could be smaller then also (<1hr).

From: Mike West <notifications@github.com> 
Sent: 08 April 2019 13:36
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: michael-oneill <michael.oneill@baycloud.com>; Comment <comment@noreply.github.com>
Subject: Re: [w3ctag/design-reviews] HTTP State Tokens (#297)

Y'all might be interested in skimming through https://speakerdeck.com/mikewest/cookies-are-bad-at-http-workshop-2019, which walks through the proposal at a very high level. The spec linked above should be detailed enough to pick at, but the high-level direction is what I'm most interested in at this point.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <https://github.com/w3ctag/design-reviews/issues/297#issuecomment-480813306> , or mute the thread <https://github.com/notifications/unsubscribe-auth/AEBCIvNHrNYqrW3RZiWkzA1ly_Vcophpks5vezeqgaJpZM4V8N8q> .  <https://github.com/notifications/beacon/AEBCIh3emTlICNMX_wZrjFYK6noXdjAzks5vezeqgaJpZM4V8N8q.gif> 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/297#issuecomment-481167857

Received on Tuesday, 9 April 2019 09:06:15 UTC