On Tue, Apr 14, 2015 at 3:29 AM, Henri Sivonen <hsivo...@hsivonen.fi> wrote:
> Specifically, on point #2, I think we should start by, by default,
> forgetting all cookies that don't have the "secure" flag set at the
> end of the Firefox session. Persistent cookies have two main use
> cases:
> * On login-requiring sites, not requiring the user to have to
> re-enter credentials in every browser session.
> * Behavioral profiling.

This is a reasonable proposal. I think that this, as well as the caching suggestion up-thread, falls into the general category of things we've identified as "persistence" features. Persistence has been identified as one of the most dangerous aspects of the unsecured web. I like this sort of approach, because it can be implemented at a much lower https:// adoption rate (i.e., today's rate) than other more obvious things.
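
The session-end rule proposed in the quoted message, sketched as an added example that is not part of the original thread and is not Firefox code. The function names, the simplified Set-Cookie parsing, and the sample headers are assumptions made for illustration.

```javascript
// Added illustration; parseSetCookie and endOfSession are hypothetical names.
// Parsing is simplified: only Secure, Max-Age and Expires are interpreted.
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   secure: false, expires: null }; // expires null = session cookie
  let maxAgeSeen = false;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "secure") {
      cookie.secure = true;
    } else if (key === "max-age" && /^-?\d+$/.test(val)) {
      cookie.expires = now + Number(val) * 1000; // Max-Age wins over Expires
      maxAgeSeen = true;
    } else if (key === "expires" && !maxAgeSeen) {
      const t = Date.parse(val);
      if (!Number.isNaN(t)) cookie.expires = t;
    }
  }
  return cookie;
}

// Returns the cookies that would survive into the next browser session.
function endOfSession(jar, now) {
  return jar.filter((c) =>
    c.expires !== null && // session cookies are dropped, as browsers already do
    c.expires > now &&    // expired cookies are dropped
    c.secure);            // proposed rule: cookies without Secure do not persist
}

// Constructed sample input, not captured traffic.
const NOW = Date.UTC(2015, 3, 14);
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; Secure; HttpOnly; Max-Age=2592000", // login cookie over https
  "tracker=u-778; Path=/; Expires=Mon, 14 Apr 2025 00:00:00 GMT", // no Secure flag
  "csrf=zz9; Path=/; Secure", // Secure, but a session cookie
  "old=1; Secure; Max-Age=0", // Secure, already expired
];

function survivingNames() {
  const jar = SAMPLE_HEADERS.map((h) => parseSetCookie(h, NOW));
  return endOfSession(jar, NOW + 3600 * 1000).map((c) => c.name);
}
console.log(survivingNames());
```

Only the Secure login cookie persists; the long-lived cookie set without the flag is discarded at session end even though its Expires date is years away.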