- From: Daniel Rubery <notifications@github.com>
- Date: Tue, 02 Sep 2025 15:36:26 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 2 September 2025 22:36:30 UTC
drubery left a comment (w3ctag/design-reviews#1052) One more piece of feedback from Okta > I'm concerned that this approach adds a lot of complexity. It would require significant development from our team and may not be such a feasible solution. We think this is a feature browsers should handle automatically. The current system, which allows websites to trigger a refresh as needed, works well for us. From a security perspective, we don’t want to allow any requests with an expired DBSC-bound cookie to reach the server anyway. Placing this burden on individual websites to manage requests when a cookie expires will likely make it difficult for them to adopt DBSC. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1052#issuecomment-3247013880 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1052/3247013880@github.com>
Received on Tuesday, 2 September 2025 22:36:30 UTC