Stefan Tilkov · May 9, 2020 · 11:01 AM UTC

Stefan Tilkov

Stefan Tilkov @stilkov

9 May 2020

From the “hills I’m willing to die on” department: Cookies are 100% evil, they should never have been added to the web platform, and the world would be a better place if the HTTP auth mechanism had been continuously extended and improved instead

Sebastian Kleinschmager · May 9, 2020 · 1:08 PM UTC

Sebastian Kleinschmager @SchmagaHimself

9 May 2020

I am curious, how could a solution work, that is neither using cookies or things like Bearer tokens? That is an honest question, because I understand that both solutions we currently have are problematic.

Stefan Tilkov · May 9, 2020 · 1:19 PM UTC

Stefan Tilkov · May 9, 2020 · 1:19 PM UTC

Stefan Tilkov @stilkov

9 May 2020

Replying to @SchmagaHimself

Whatever auth info is currently sent as part of a cookie could (and should) have been standardized as an auth mechanism instead. This would of course require browser vendor support, which is why it will never happen except in an alternate reality

May 9, 2020 · 1:19 PM UTC