Should the IETF ship or skip HTTP 2.0?
Should the IETF ship or skip HTTP 2.0?
Posted Jun 5, 2014 11:54 UTC (Thu) by mathstuf (subscriber, #69389)In reply to: Should the IETF ship or skip HTTP 2.0? by Cyberax
Parent article: Should the IETF ship or skip HTTP 2.0?
No, because if one gets intercepted, that cookie is good for years.
> For example, if I place an image from http://google.com/someanalytics on my page and you have a session ID for google.com domain then you'd still be tracked.
Use RequestPolicy and don't let J. Random Website force your browser to communicate with any other site. Saves bandwidth too.
Posted Jun 5, 2014 14:25 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
> Use RequestPolicy and don't let J. Random Website force your browser to communicate with any other site. Saves bandwidth too.
Should the IETF ship or skip HTTP 2.0?
So? If someone intercepts your session ID they'd still be able to access your data for the duration of the session.
You are free to do that with cookies.