[whatwg] Cross-Origin Cookies Sharing Proposal
Nils Dagsson Moskopp
nils at dieweltistgarnichtso.net
Fri Jun 21 10:19:48 PDT 2013
Huan Du <dh20156 at gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:
> As privacy awareness becomes prevelant, the trend is that future
> browsers are going to ban third-party Cookies by default.
>
> This is a good thing for users, but for giant internet companies,
> this has no doubt increases the difficult and complexity of
> implementing user session synchronization.
I have a suspicion that the only thing that cannot be done easily
without cookies is tracking – that is, pretending that a user has an
account, but ensuring that she has not made that choice consciously.
Everything else, so it seems to me, can be done RESTful. Am I wrong?
> Is it possible to, like Cross-Origin Resource Sharing, allow a site to
> indicate which domains it would like to share Cookies with?
>
> The user account management system of Alibaba have encountered this
> issues and been troubled by this issue. It there's a proposal like
> this, it would be very nice.
Can you elaborate? Why would an account management system need sessions?
--
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>
More information about the whatwg
mailing list