Handling Cookies is a Minefield:
inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.
https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/
=> More toots from april@macaw.social
@april the other thing that comes to mind recently is “SameSite=Lax” by default, which a bunch of docs and specs say is the case, but only Chrome has managed to ship it — both Firefox and Safari unshipped it, due to too much breakage, and the win is much smaller when cookies are partitioned and/or not sent cross-site/origin to start with
=> More toots from gsnedders@glauca.space