Session - Dependency on Third Party Cookies

Issue #650 wontfix
Edmund Jay created an issue

Some implementations of Session Management spec require that the browser enable third party cookies to work properly. Read access to cookies and HTML5 local storage behave differently on different browsers depending on whether third party cookies are enabled or not. The spec should address this problem and/or provide work arounds or clarifications.

Comments (4)

  1. Nat Sakimura
    • changed component to Session
    • edited description

    This is a known issue that we cannot address. Luckily, Safari (means iPhone, iPad and has the default setting to block third party cookies) seems to behave right, and other browsers do not set the block as the default.

    Note, give the situation, even prompt=none in an iframe will not work when third party cookie is blocked in Firefox and Chrome.

    Unless you have some concrete proposal, this ticket is in the "wontfix" category.

  2. Michael Jones

    We will say that session management is dependent upon inter-site communication through the browser. Adding this to the session management spec is the proposed resolution for this issue.

  3. Michael Jones

    At the 22-Oct-12 working group meeting at Google, the working group agreed that there is no means to fix this, short of new browser technology. No change to the specification will be made for this issue.

  4. Log in to comment