Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie layering #2084

Open
annevk opened this issue Apr 29, 2022 · 2 comments
Open

Cookie layering #2084

annevk opened this issue Apr 29, 2022 · 2 comments

Comments

@annevk
Copy link

annevk commented Apr 29, 2022

While most cookies don't have layers in my experience (turns out that is limited), some layering would be appropriate for the HTTP State Management Mechanism. I touched upon this last year in #1430, but thought I would raise it again after the W3C Privacy CG had a discussion about this yesterday.

I thought I'd describe my idea for how this could work as a conversation starter. But to be clear, I'm open to alternatives. What I'd like to see is that the cookie specification describes cookies (as a concept/object) and how to parse and serialize Set-Cookie and Cookie headers. We'd continue to define new attributes and anything syntax-related in the cookie specification. (Through revisions, essentially as it's maintained now.)

That leaves storage and some amount of logic around that. For web browsers in particular we need to get a better hold of that to define document.cookie, Fetch, and in general websites better. That doesn't necessarily mean that the cookie specification shouldn't touch them at all and I think it should continue to describe a default model there, especially given non-web-browser clients. But web browser specifications (Fetch, HTML) should be allowed to define a model that integrates more tightly, perhaps as long as certain base requirements in the cookie specification aren't violated. In turn, that would also allow the cookie specification itself to be more agnostic of browsers as the current draft contains a lot of logic particular to subresources of HTML documents, workers, etc.

Any thoughts about this would be greatly appreciated!

@sbingler
Copy link
Collaborator

Just adding my support (and couple tags) for this proposal, I like the idea of putting pieces in the layers they belong.
I'd like to spend more time on this once 6265bis is out the door.

@annevk
Copy link
Author

annevk commented Jul 7, 2023

#1593 has some good ideas for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

2 participants