mikewest/cookies-over-http-bad

Archived proposal from 2018. Perhaps the approach in mikewest/scheming-cookies will be more successful!

Issues

special OPT_OUT cookie?
#7 opened 6 years ago by pgeorgi
0
Prevent retrograding secure to plaintext
#6 opened 6 years ago by GuillaumeRossolini
0
Mention impact on document.cookie
#5 opened 6 years ago by ericlaw1979
0
Unclear wording
#4 opened 6 years ago by ericlaw1979
0
Possible typo in reference to RFC6265
#2 opened 6 years ago by rufoa
4
More papers to consider including as justification.
#3 opened 6 years ago by mikewest
0