- From: Mike Shaver <mike.shaver@gmail.com>
- Date: Mon, 31 Aug 2009 15:21:00 -0400

On Mon, Aug 31, 2009 at 6:11 AM, Ian Hickson <ian at hixie.ch> wrote:
> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks. Maintaining
> the user's expectations of privacy is critical.

By that reasoning we can't treat cookies differently from the HTTP cache (ETag) or history (URIs with session IDs), I think. I don't know of any UAs that expire history/cookie/cache in sync to avoid correlations -- if it's even possible to do so -- and I don't think I've seen any bugs asking Firefox to do so.

Mike

Received on Monday, 31 August 2009 12:21:00 UTC