-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie event batching and firing #230
Comments
To rephrase a question I think Anne's comment is asking: Do we send events to active documents when 1) users are deleting cookies and 2) cookies expire naturally over time? |
I have another question. What if you change and delete the same cookie in a single batch? How do you determine from these events what the current state of the cookie is? |
This public design doc might be helpful, but no guarantee it matches reality. Recalling the intent, but not necessarily what is currently implemented:
@ayuishii may remember more |
Thanks, overall that makes sense as a model to standardize I think. Might need some more thought on how to handle naturally expiring cookies. But perhaps only expiring at the time of a next request or explicit As for changes, so if you make multiple changes to a single cookie in a response, you'd only get a single event for only the last change. That's fair, but I don't think that's currently defined at all. |
@inexorabletash @DCtheTall @ayuishii could any of you help describe the cookie event batch semantics?
While in theory the current specification allows implementers to do whatever, I'm not convinced that's good enough. It seems quite conceivable that if one implementation batches for incoming responses and another doesn't, web developers will run into issues.
One thing I had in mind is that the IETF Cookies I-D provides a very low-level hook that is called whenever something happens. In theory this would allow for batching, but it might mean that other cookie changes that happen at the same time might also end up in the same batch.
An alternative might be Johann's suggestion of passing around some kind of batch ID when we know we'll process multiple cookies at once.
A related query here is when the event should be fired for eviction as it seems there might be some side-channel opportunities there. And we might also not want to continuously monitor for that.
And in particular when the end user evicts probably nothing should be fired and the website should be reloaded to reset state?
cc @johannhof
The text was updated successfully, but these errors were encountered: