Chris,

On 14 Apr 2016, at 17:54, Chris Peterson <cpeter...@mozilla.com> wrote:
> Instead, I propose treating all cookies set over non-secure HTTP as session 
> cookies, regardless of whether they have the `secure` flag. […] To test my 
> proposal, I loaded the home pages of the Alexa Top 25 News sites [2].

To test the proposal, I think:

1. It should be on the 1,000 to 10,000 top Alexa Web sites.
2. It should take into account all sites that are just setting preferences over 
HTTP.
   Cookies are not always used for username/password but, apart from tracking 
for ads, they are also used for keeping the state of some choices such as 
languages, number of results returned, etc. (without an account).

If we surprise the users with something giving the impression of a broken user 
experience compared to other browsers, we will get more Web compat reports 
which are not compat reports. 

More specifically, we have to weigh how we help users.

Some scenarios I could see: 
* A preference explaining to users that they could ask the browser to forget 
about their insecure cookies, explaining the consequences for their user 
experience, and how to switch it off. 
* A common action of all browsers together at the same time (unlikely to happen 
but we can try).





-- 
Karl Dubost, Mozilla
http://www.la-grange.net/karl/moz
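
Added example, not part of the original message or of any Mozilla code: one way to measure, over `Set-Cookie` headers collected from a crawl, which persistent cookies the quoted proposal would turn into session cookies, listed per host so preference cookies can be reviewed. Function names, hosts and header values are constructed for illustration.

```javascript
// Added example: names, hosts and header values below are constructed.
const NOW = Date.UTC(2016, 3, 14); // fixed clock so results are reproducible

// Parse one Set-Cookie header value into the fields this measurement needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, maxAge: null, expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") c.secure = true;
    else if (key === "max-age" && /^-?\d+$/.test(val)) c.maxAge = Number(val);
    else if (key === "expires" && !Number.isNaN(Date.parse(val))) c.expires = Date.parse(val);
  }
  return c;
}

// Classify a cookie under the proposal: anything persistent that arrives over
// http:// becomes a session cookie, whether or not it carries `secure`.
function classify(pageUrl, header, now = NOW) {
  const c = parseSetCookie(header);
  // RFC 6265: Max-Age wins over Expires when both are present.
  const lifetimeMs = c.maxAge !== null ? c.maxAge * 1000
    : c.expires !== null ? c.expires - now : null;
  if (lifetimeMs === null) return "session"; // already a session cookie
  if (lifetimeMs <= 0) return "expired";     // a deletion, nothing to keep
  return new URL(pageUrl).protocol === "http:" ? "downgraded" : "unaffected";
}

// Per host, list the cookie names that would lose persistence, so a reviewer
// can pick out preference cookies (language, result count) by eye.
function downgradedByHost(observations, now = NOW) {
  const out = {};
  for (const [url, header] of observations) {
    if (classify(url, header, now) !== "downgraded") continue;
    const host = new URL(url).host;
    out[host] = out[host] || [];
    out[host].push(parseSetCookie(header).name);
  }
  return out;
}

const SAMPLE = [ // constructed crawl observations: [page URL, Set-Cookie value]
  ["http://news.example/", "lang=fr; Max-Age=31536000; Path=/"],
  ["http://news.example/", "sid=abc123; Path=/; HttpOnly"],
  ["http://news.example/", "results=50; Expires=Fri, 14 Apr 2017 00:00:00 GMT; Secure"],
  ["https://shop.example/", "lang=en; Max-Age=31536000; Secure"],
  ["http://shop.example/", "old=; Max-Age=0"],
];
console.log(downgradedByHost(SAMPLE));
```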
