Re: [http-state] draft-ietf-httpstate-cookie-05 posted

Dan Witte <dwitte@mozilla.com> Tue, 16 March 2010 18:06 UTC

Return-Path: <dwitte@mozilla.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 53CEC3A693F for <http-state@core3.amsl.com>; Tue, 16 Mar 2010 11:06:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.289
X-Spam-Level:
X-Spam-Status: No, score=-2.289 tagged_above=-999 required=5 tests=[AWL=0.310, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PN8HGB98M0CW for <http-state@core3.amsl.com>; Tue, 16 Mar 2010 11:06:43 -0700 (PDT)
Received: from mail.mozilla.com (corp01.sj.mozilla.com [63.245.208.141]) by core3.amsl.com (Postfix) with ESMTP id 6EE983A6845 for <http-state@ietf.org>; Tue, 16 Mar 2010 11:06:43 -0700 (PDT)
Received: from mail.mozilla.com (mail.mozilla.com [10.2.72.15]) by mail.mozilla.com (Postfix) with ESMTP id 7517F17FC345; Tue, 16 Mar 2010 11:06:42 -0700 (PDT)
Date: Tue, 16 Mar 2010 11:06:42 -0700 (PDT)
From: Dan Witte <dwitte@mozilla.com>
To: Adam Barth <ietf@adambarth.com>
Message-ID: <420576400.4454.1268762802343.JavaMail.root@cm-mail03.mozilla.org>
In-Reply-To: <5c4444771003161043l69a9035epd90a38102fe29ab1@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [63.245.220.240]
X-Mailer: Zimbra 6.0.5_GA_2213.RHEL5_64 (ZimbraWebClient - FF3.0 (Mac)/6.0.5_GA_2213.RHEL5_64)
Cc: Daniel Stenberg <daniel@haxx.se>, http-state <http-state@ietf.org>
Subject: Re: [http-state] draft-ietf-httpstate-cookie-05 posted
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2010 18:06:44 -0000

----- "Adam Barth" <ietf@adambarth.com> wrote:
> The spec already lets user agents delete any cookie at any time
> because many user agents expose UI to let users delete cookies in
> various ways.

There's also a common case that's more common than people may think -- Firefox, at least, evicts cookies once the maximum table size (3000 entries) is reached, but only for cookies greater than 30 days old. People who browse many sites daily easily hit this 30 day limit. More casual users will still hit it within a few months, typically.

So, for our users at least, cookie expiries longer than, say, 6 months are pretty meaningless. :)

Regards,
Dan