- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Wed, 1 Apr 2009 14:25:00 +1300
On Wed, Apr 1, 2009 at 7:27 AM, Drew Wilson <atwilson at google.com> wrote: > So, the first argument against cookie races was "this is the way the web > works now - if we introduce cookie races, we'll break the web". When this > was proven to be incorrect (IE does not enforce exclusive access to > cookies), the argument has now morphed to "the web is breaking right now and > nobody notices", which is more an article of faith than anything else. > We know for sure it's possible to write scripts with racy behaviour, so the question is whether this ever occurs in the wild. You're claiming it does not, and I'm questioning whether you really have that data. I agree that designing cookie races is not a good idea. If we could go back > in time, we might design a better API for cookies that didn't introduce race > conditions. However, given where we are today, I'd say that sacrificing > performance in the form of preventing parallel network calls/script > execution in order to provide theoretical "correctness" for an API that is > already quite happily race-y is not a good tradeoff. > We don't know how much (if any) performance must be sacrificed, because no-one's tried to implement parallel cookie access with serializability guarantees. So I don't think we can say what the correct tradeoff is. In this case, I think the spec should describe the current implementation of > cookies, warts and all. > You mean IE and Chrome's implementation, I presume, since Firefox and Safari do not allow cookies to be modified during script execution AFAIK. Do we know exactly what IE7, IE8 and Chrome guarantee around parallel cookie access? Rob -- "He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6] -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090401/7e51e90f/attachment.htm>
Received on Tuesday, 31 March 2009 18:25:00 UTC