Cross-Origin Cookies Sharing Proposal from Huan Du on 2013-06-21 (public-webappsec@w3.org from June 2013)

From: Huan Du <dh20156@gmail.com>
Date: Fri, 21 Jun 2013 19:49:39 +0800
To: whatwg@whatwg.org, public-webappsec@w3.org, Kang-Hao Lu <kennyluck@w3.org>, 程劭非 <csf178@gmail.com>, yiorsi@gmail.com
Message-ID: <CAMBN-K4y891dJcAngvw0sBgPrpC0NFGGCuq0cL17=wrn+UB1oQ@mail.gmail.com>

Guys,

As privacy awareness becomes prevelant, the trend is that future
browsers are going to ban third-party Cookies by default.

This is a good thing for users, but for giant internet companies, this has
no doubt increases the difficult and complexity of implementing user session
synchronization.

Is it possible to, like Cross-Origin Resource Sharing, allow a site to
indicate which domains it would like to share Cookies with?

The user account management system of Alibaba  have encountered this issues
and been troubled by this issue. It there's a proposal like this, it would
be very nice.

Regards,
Charlie Du

Received on Friday, 21 June 2013 11:50:06 UTC