On Fri, Apr 15, 2016 at 7:37 PM, Chris Peterson <cpeter...@mozilla.com>
wrote:

> On 4/15/16 7:47 AM, Tantek Çelik wrote:
>
>> What steps can we take in this direction WITHOUT breaking web compat?
>>
>
> Would this feature actually break web compatibility? Or just needlessly
> annoy users?
>
> In his original post, Henri argued that clearing non-HTTPS cookies between
> sessions would not "Break the Web". There would be no user- or
> site-detectable changes mid-session. Clearing cookies between sessions
> could be user-detectable if they get logged out or lose their shopping
> cart. Sites, OTOH, must already handle the cases where a user's cookies are
> lost between sessions. Users could clear their cookies, use Private
> Browsing mode, or log into the site from a different browser or device.
>

Tanvi brought up this point.

On Thu, Apr 14, 2016 at 12:58 PM, Tanvi Vyas <ta...@mozilla.com> wrote:
...
* Even if login cookies are set over HTTPS, there are sometimes additional
cookies set over HTTP with user data in them (ex: city/zipcode).  Users may
have bad experiences on websites that rely on these secondary HTTP cookies
even if they are still logged in (ex: weather.yahoo.com for a user who is
logged into yahoo.com).
...

Sites might depend on a combination of https and non-https cookies and then
act strangely when a user returns to the site with only the https cookies.

Haik
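
The mixed-cookie case raised above, as an added illustration that is not part of the original message and not Firefox code. It assumes "non-HTTPS cookies" means cookies set by an HTTP response; `CookieJar`, the `example.test` hosts and both render functions are hypothetical.

```javascript
// Toy cookie jar that remembers the scheme each cookie was set over.
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // `url` is the URL of the response that set the cookie.
  set(url, name, value) {
    const { protocol, hostname } = new URL(url);
    this.cookies.set(`${hostname}|${name}`,
      { hostname, name, value, setOverHttps: protocol === 'https:' });
  }

  // Simplified domain match: the cookie's host or any subdomain of it.
  cookiesFor(host) {
    const out = {};
    for (const c of this.cookies.values()) {
      if (host === c.hostname || host.endsWith('.' + c.hostname)) out[c.name] = c.value;
    }
    return out;
  }

  // The proposal: at session end, drop everything that was set over HTTP.
  endSession() {
    for (const [key, c] of this.cookies) if (!c.setOverHttps) this.cookies.delete(key);
  }
}

// Fragile site logic: assumes the location cookie always accompanies a login.
function renderFragile(cookies) {
  return `Weather for ${cookies.zip.trim()}`; // throws when zip is gone
}

// Tolerant site logic: treats the secondary cookie as optional.
function renderTolerant(cookies) {
  if (!cookies.session) return 'Please sign in';
  return cookies.zip ? `Weather for ${cookies.zip}` : 'Enter your location';
}

function demo() {
  const jar = new CookieJar();
  jar.set('https://example.test/login', 'session', 'abc');  // constructed values
  jar.set('http://weather.example.test/', 'zip', '94041');
  const before = renderTolerant(jar.cookiesFor('weather.example.test'));
  jar.endSession();
  const left = jar.cookiesFor('weather.example.test');
  let fragileThrows = false;
  try { renderFragile(left); } catch (e) { fragileThrows = true; }
  return { before, after: renderTolerant(left), fragileThrows, left };
}
```

After `endSession()` the user is still logged in but the HTTP-set location cookie is gone, which is the state a site would have to tolerate.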
