Should the IETF ship or skip HTTP 2.0?
Should the IETF ship or skip HTTP 2.0?
Posted Jun 4, 2014 6:59 UTC (Wed) by nim-nim (subscriber, #34454)In reply to: Should the IETF ship or skip HTTP 2.0? by Cyberax
Parent article: Should the IETF ship or skip HTTP 2.0?
That would be sufficient to limit abuses.
Posted Jun 4, 2014 20:58 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
And of course, I personally _want_ lots of my sessions to last more than 1 day or week.
And lastly, nobody stops you from deleting cookies every day or restricting them in any way.
Posted Jun 5, 2014 11:54 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
No, because if one gets intercepted, that cookie is good for years.
> For example, if I place an image from http://google.com/someanalytics on my page and you have a session ID for google.com domain then you'd still be tracked.
Use RequestPolicy and don't let J. Random Website force your browser to communicate with any other site. Saves bandwidth too.
Posted Jun 5, 2014 14:25 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
> Use RequestPolicy and don't let J. Random Website force your browser to communicate with any other site. Saves bandwidth too.
Should the IETF ship or skip HTTP 2.0?
Should the IETF ship or skip HTTP 2.0?
Should the IETF ship or skip HTTP 2.0?
So? If someone intercepts your session ID they'd still be able to access your data for the duration of the session.
You are free to do that with cookies.