Techly NewsGet the app

Get the latest tech news

Handling cookies is a minefield


Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.

Golang falls relatively close to what the RFC's wording on how servers should behave with Set-Cookie, only differing by allowing 0x20(space) and 0x2C(comma) due to them commonly occurring in the wild. Fixing it on the server-side is potentially feasible, but it affects millions of websites and most of the errors caused by this problem are buried deep in programming languages and web frameworks. Po-Ning Tseng, for helping me investigate this issue in the first place Dan Veditz at Mozilla, for his inexhaustible knowledge and endless kindness Frederik Braun, for his helpful early feedback Steven Bingler at Google, for pushing on getting this issue fixed Peter Bowen, for his thoughts on how cookie processing probably should happen Chris Palmer and David Schinazi, for their insightful proofreading Stefan Bühler, who stumbled across some of this stuff over a decade ago

Get the Android app

Or read this on Hacker News

Read more on:

Photo of cookies

cookies

Photo of minefield

minefield

Related news:

News photo

No same site = None cookies for iOS18

News photo

Texts, social media a 'minefield' for couples divorcing: lawyer

News photo

Copilot for Microsoft 365 might boost productivity if you survive the compliance minefield

« Kia announces high-performance EV9 GT with virtual shifting and native Tesla charging
Teenage Engineering OP–XY »