- From: Huan Du <dh20156@gmail.com>
- Date: Sat, 22 Jun 2013 11:00:36 +0800
- To: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
- Cc: ??? <csf178@gmail.com>, whatwg@whatwg.org, ???? <yiorsi@gmail.com>, public-webappsec@w3.org, Kang-Hao Lu <kennyluck@w3.org>
Nils, Thanks for your feedback. There are 3 web sites in Alibaba at least: taobao.com, tmall.com, etao.com. all of them are using a same account management system including Sign up, Sign in. The requirement is simple for the account management system. when user A signed in taobao.com, we expect A is signed in tmall.com and etao.com. Regards, Charlie 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net> > Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800: > > > As privacy awareness becomes prevelant, the trend is that future > > browsers are going to ban third-party Cookies by default. > > > > This is a good thing for users, but for giant internet companies, > > this has no doubt increases the difficult and complexity of > > implementing user session synchronization. > > I have a suspicion that the only thing that cannot be done easily > without cookies is tracking – that is, pretending that a user has an > account, but ensuring that she has not made that choice consciously. > > Everything else, so it seems to me, can be done RESTful. Am I wrong? > > > Is it possible to, like Cross-Origin Resource Sharing, allow a site to > > indicate which domains it would like to share Cookies with? > > > > The user account management system of Alibaba have encountered this > > issues and been troubled by this issue. It there's a proposal like > > this, it would be very nice. > > Can you elaborate? Why would an account management system need sessions? > > -- > Nils Dagsson Moskopp // erlehmann > <http://dieweltistgarnichtso.net> >
Received on Saturday, 22 June 2013 03:01:00 UTC