Also, @metromoxie has implemented a pass at https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone …. We might still tweak the eviction rules, but secure now means secure.
-
-
Replying to @mikewest
@mikewest@metromoxie Is it not possible to simply say that you should never delete a secure cookie to make room for a non-secure cookie?1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
@BRIAN_____: Yes. That's what we want to say. That's what I think the spec says. I'm pretty sure that's what@metromoxie implemented. :)1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@metromoxie "before removing any non-expired secure cookie" != "without ever removing any non-expired secure cookie".2 replies 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____: So if inserting a non-secure cookie would trigger eviction, _it_ would be removed.@metromoxie1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@metromoxie "it" = the new non-secure cookie? If so, I agree that's what should happen; It's not clear that that's what spec says.2 replies 0 retweets 0 likes -
Replying to @BRIAN_____
@BRIAN_____: We agree on the expectation, so I'm happy to clarify in the spec. What would you like it to say?@metromoxie1 reply 0 retweets 0 likes
@mikewest @metromoxie Call out the case where eviction is triggered by insertion, noting the to-be-inserted cookie needs to be considered.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.