Re: [w3ctag/design-reviews] HTTP State Tokens (#297) from Daniel Appelquist on 2019-09-10 (public-webapps-github@w3.org from September 2019)

From: Daniel Appelquist <notifications@github.com>
Date: Mon, 09 Sep 2019 23:23:30 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/297/529789480@github.com>

@mikewest after reviewing your RFC and especially point 1.2, I remain puzzled as to why developers would switch to http state tokens at all if cookies still exist? Why not "fix" cookies so that they have the security behaviour you're describing. @dbaron points out that this would "break" some content. Maybe it's time to break some content?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/297#issuecomment-529789480

Received on Tuesday, 10 September 2019 06:23:52 UTC