Re: Proposal: Cookie Priorities

Mark Nottingham <mnot@mnot.net> Fri, 04 March 2016 00:08 UTC

To: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>

Thanks, Mike.

As I understand it, this is already implemented in one browser, which is good in that we're looking for implementation.

What do folks -- both other browser implementers and site folks -- think about this?

Regards,


> On 4 Mar 2016, at 2:58 AM, Mike West <mkwst@google.com> wrote:
> 
> Way back in 2013, folks at Google put together a proposal for a `priority` attribute for cookies with the intent of allowing servers to influence a user agent's retention policy[1]. Chrome has been shipping this feature since ~November 2013[2], and Google servers have been using it since then. It would be lovely to get more feedback on the concept from other folks outside the company, so I've just submitted a copy/pasted version of the original proposal[3] as https://tools.ietf.org/html/draft-west-cookie-priority-00. Apologies for the years of delay. :/
> 
> Like many other excitingly huge companies, Google has both internal and external servers hosted on subdomains of `google.com`, and employees hit the user agent's cookie retention limit on a regular basis. In order to ensure that this doesn't result in lost sessions, Google marks certain cookies as `Priority=High`, and others as `Priority=Low`. As you might imagine, the latter are evicted more frequently than regular cookies, the former less frequently. The document describes how Chrome takes these priorities into account when evicting cookies from the cookie store. Anecdotally, folks internally have found it quite helpful in terms of retaining session state.
> 
> There's still some work to do to bring the document up to date with proposals like https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00 which also aim to alter the browser's eviction policy. I'm working through the implications of that document on this proposal in Chrome right now, and will document whatever merger we end up considering sane once we figure out what it might be. :)
> 
> One of the original authors (Erik) has left Google, and I haven't been successful at getting in contact with him: I'm hopeful that we can get him involved again. Regardless, Samuel and I would be thrilled to hear what this group thinks of the proposal.
> 
> Thanks!
> 
> [1]: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/xK4IJ1-5oJE
> [2]: https://codereview.chromium.org/54303010
> [3]: https://docs.google.com/a/google.com/file/d/0B3o1IlTKoADVRllKWGlyWGxIVTg/edit
> 
> -mike

--
Mark Nottingham   https://www.mnot.net/
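
The retention behaviour discussed in the quoted proposal, as an added example that is not part of this thread, the draft, or Chrome's code: a toy cookie jar that reads the `Priority` attribute and, once a per-domain limit is exceeded, evicts lower priorities first. The eviction order, the limit of 3, the default of Medium and all cookie names are assumptions made for illustration.

```javascript
// Simplified model of priority-aware cookie eviction (illustrative only).
// Assumed order: Low before Medium before High, least recently set first
// within a priority. This is not Chrome's actual algorithm.
const RANK = new Map([["low", 0], ["medium", 1], ["high", 2]]);

// Parse a Set-Cookie value; a missing or unrecognised Priority becomes Medium.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), priority: "medium" };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    const p = val.trim().toLowerCase();
    if (key.trim().toLowerCase() === "priority" && RANK.has(p)) cookie.priority = p;
  }
  return cookie;
}

class CookieJar {
  constructor(limit) {
    this.limit = limit;       // hypothetical per-domain cookie limit
    this.cookies = new Map(); // cookie name -> cookie record
    this.clock = 0;           // logical time, bumped on every set
  }
  // Store a cookie and return the names evicted to get back under the limit.
  set(header) {
    const cookie = parseSetCookie(header);
    cookie.lastUsed = ++this.clock;
    this.cookies.set(cookie.name, cookie);
    const evicted = [];
    while (this.cookies.size > this.limit) {
      const victim = [...this.cookies.values()].sort((a, b) =>
        RANK.get(a.priority) - RANK.get(b.priority) || a.lastUsed - b.lastUsed)[0];
      this.cookies.delete(victim.name);
      evicted.push(victim.name);
    }
    return evicted;
  }
  names() { return [...this.cookies.keys()].sort(); }
}

// Constructed sample: a High session cookie survives while the jar overflows.
function demo() {
  const jar = new CookieJar(3);
  jar.set("SID=abc; Secure; HttpOnly; Priority=High");
  jar.set("prefs=dark");
  jar.set("promo=1; Priority=Low");
  const first = jar.set("cart=42"); // over the limit: the Low cookie goes
  const second = jar.set("exp=7");  // no Low left: the oldest Medium goes
  return { first, second, kept: jar.names() };
}
```

In this model a jar that holds only `Priority=High` cookies still evicts the oldest of them, so the attribute orders eviction without exempting a cookie from it.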