@mikewest @metromoxie Is it not possible to simply say that you should never delete a secure cookie to make room for a non-secure cookie?
-
-
Replying to @BRIAN_____
@BRIAN_____: Yes. That's what we want to say. That's what I think the spec says. I'm pretty sure that's what@metromoxie implemented. :)1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@metromoxie "before removing any non-expired secure cookie" != "without ever removing any non-expired secure cookie".2 replies 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____: So if inserting a non-secure cookie would trigger eviction, _it_ would be removed.@metromoxie1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@metromoxie "it" = the new non-secure cookie? If so, I agree that's what should happen; It's not clear that that's what spec says.2 replies 0 retweets 0 likes -
Replying to @BRIAN_____
@mikewest@metromoxie In particular, I expect implementations will do:: while (not enough space) { evict a cookie } insert the new cookie1 reply 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____: I'm 99% sure that's not the way Chrome works, as I just reviewed@metromoxie's patch. We insert, then garbage-collect.1 reply 0 retweets 1 like -
Replying to @mikewest
@mikewest@metromoxie Not questioning that. I'm just saying that the spec seems to currently allow the behavior I described.1 reply 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____: I think it doesn't, but the only way to know that is to read all of the existing RFC, which is nuts. I'll clarify.@metromoxie1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@metromoxie In the IETF anything not explicitly disallowed is allowed. Nothing disallows eviction before step 1 in RFC6265§5.3.3 replies 0 retweets 1 like
@mikewest @metromoxie Anyway, like always, I'm just pointing out minute details. Good job!
-
-
Replying to @BRIAN_____
@BRIAN_____: Like always, I appreciate it.@metromoxie0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.