[http-state] Tab-level cookies for the browser

Micah Lemonik <micah@google.com> Tue, 28 July 2009 20:41 UTC

Cc: Ronald Ho <ronaldho@google.com>, "Chandra, Rishi" <rchandra@google.com>, Jonathan Sergent <sergent@google.com>

We would like to propose the browser add tab-level cookies that will
override the global process-level cookie in a given tab. That is, if a tab
override cookie is set on a particular tab, that cookie will be used in
place of the global cookie. Tab-level cookies would last the lifetime of a
tab and would propagate to child tabs.

The use case we're trying to accommodate is to be logged into different
Google accounts in different tabs. sessionStorage gets us part of the way
there in terms of enabling a per-tab resource that propagates to child tabs,
but sessionStorage doesn't automatically send data to the server on any
request the way cookies do. Essentially we're looking for a solution that 1.
works with cookies for compatibility with existing infrastructure and 2.
isn't limited to XMLHttpRequest usage where we have the ability to set
custom headers.

I would love to hear feedback from this list on how this might work in
browsers and/or alternative solutions.

Thank you,

Micah Lemonik
Staff Software Engineer
Google Inc.
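
The override semantics proposed in this message, modelled as an added example (not part of the original post and not any browser's implementation), showing which cookie value a request from a given tab would carry. Assumptions: the class and method names are hypothetical, host matching is exact with no Domain or Path rules, and a child tab receives a snapshot copy of its parent's overrides, as sessionStorage does.

```javascript
// Added model of the proposed tab-level cookie semantics; all names are hypothetical.
class TabCookieModel {
  constructor() {
    this.globalJar = new Map(); // "host|name" -> value, shared by every tab
    this.tabJars = new Map();   // tabId -> Map("host|name" -> value)
    this.nextTabId = 1;
  }
  setGlobalCookie(host, name, value) {
    this.globalJar.set(`${host}|${name}`, value);
  }
  // A child tab starts with a copy of its parent's overrides (assumed snapshot,
  // so later changes in the parent do not reach the child).
  openTab(parentId = null) {
    const inherited = parentId === null ? [] : this.jarFor(parentId);
    const id = this.nextTabId++;
    this.tabJars.set(id, new Map(inherited));
    return id;
  }
  setTabCookie(tabId, host, name, value) {
    this.jarFor(tabId).set(`${host}|${name}`, value);
  }
  // Overrides live only as long as the tab; the global jar is untouched.
  closeTab(tabId) {
    this.jarFor(tabId);
    this.tabJars.delete(tabId);
  }
  jarFor(tabId) {
    const jar = this.tabJars.get(tabId);
    if (!jar) throw new Error(`unknown tab ${tabId}`);
    return jar;
  }
  // Cookie header for a request to `host` issued from `tabId`: a tab override
  // replaces the global cookie of the same name, all others fall back to global.
  cookieHeader(tabId, host) {
    const merged = new Map();
    for (const jar of [this.globalJar, this.jarFor(tabId)]) {
      for (const [key, value] of jar) {
        const sep = key.indexOf("|");
        if (key.slice(0, sep) === host) merged.set(key.slice(sep + 1), value);
      }
    }
    return [...merged].map(([n, v]) => `${n}=${v}`).join("; ");
  }
}
```

In this model every request from a tab, not only XMLHttpRequest, resolves its Cookie header through `cookieHeader`, which is the property the message asks for; a server sees a different session per tab without any change on its side.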