W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Re: [whatwg] Cross-Origin Cookies Sharing Proposal

From: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
Date: Fri, 21 Jun 2013 19:19:48 +0200
To: Huan Du <dh20156@gmail.com>
Cc: whatwg@whatwg.org, public-webappsec@w3.org, Kang-Hao Lu <kennyluck@w3.org>, 程劭非 <csf178@gmail.com>, yiorsi@gmail.com
Message-ID: <20130621191948.71e3bbb9@desudesudesu>
Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:

> As privacy awareness becomes prevelant, the trend is that future
> browsers are going to ban third-party Cookies by default.
> 
> This is a good thing for users, but for giant internet companies,
> this has no doubt increases the difficult and complexity of
> implementing user session synchronization.

I have a suspicion that the only thing that cannot be done easily
without cookies is tracking – that is, pretending that a user has an
account, but ensuring that she has not made that choice consciously.

Everything else, so it seems to me, can be done RESTful. Am I wrong?

> Is it possible to, like Cross-Origin Resource Sharing, allow a site to
> indicate which domains it would like to share Cookies with?
> 
> The user account management system of Alibaba  have encountered this
> issues and been troubled by this issue. It there's a proposal like
> this, it would be very nice.

Can you elaborate? Why would an account management system need sessions?

-- 
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>
Received on Friday, 21 June 2013 17:20:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC