You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In initial experimentation using Chrome Canary and the demonstration server on glitch, I noticed that auth cookie (cname) is set with an explicit domain attribute, and that this appears in to be required, both in the set-cookie header and in the credentials element of the session registration response as well. In the particular case of the domain cookie attribute I feel this shouldn't be required and should default to the hostname of the current web origin just as happens with a regular set-cookie header. In the general case if there is a good reason for requiring this or any other particular cookie attributes in either the set-cookie headers or the credentials element of a registration response, then the specification needs to be explicit in defining which attributes are required and why, and which are optional.
The text was updated successfully, but these errors were encountered:
In initial experimentation using Chrome Canary and the demonstration server on glitch, I noticed that auth cookie (cname) is set with an explicit domain attribute, and that this appears in to be required, both in the set-cookie header and in the credentials element of the session registration response as well. In the particular case of the domain cookie attribute I feel this shouldn't be required and should default to the hostname of the current web origin just as happens with a regular set-cookie header. In the general case if there is a good reason for requiring this or any other particular cookie attributes in either the set-cookie headers or the credentials element of a registration response, then the specification needs to be explicit in defining which attributes are required and why, and which are optional.
The text was updated successfully, but these errors were encountered: