Chris, Le 14 avr. 2016 à 17:54, Chris Peterson <cpeter...@mozilla.com> a écrit : > Instead, I propose treating all cookies set over non-secure HTTP as session > cookies, regardless of whether they have the `secure` flag. […] To test my > proposal, I loaded the home pages of the Alexa Top 25 News sites [2].
To test the proposal, I think: 1. It should be on the 1,000 to 10,000 top Alexa Web sites. 2. It should take into account all sites that are just setting preferences over HTTP. cookies are not always used for username/password but apart of tracking for ads, they also are used for keeping the state on some choices such as languages, number of results returned, etc (without an account). If we surprise the users with something giving the impression of a broken user experience compared to other browsers. We will get more Web compat reports which are not compat report. More specifically we have to weight how do we help users? Some scenario I could see. * A preference explaining users that could ask the browser to forget about their insecure cookies and explaining the consequences for their user experience. And how to switch it off. * A common action of all browsers together at the same time (unlikely to happen but we can try). -- Karl Dubost, Mozilla http://www.la-grange.net/karl/moz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
