It's been a long haul, but cookies will soon have an official specification that matches the real world:
http://www.thesecuritypractice.com/the_security_practice/2011/03/http-state-management-mechanism-to-proposed-standard.html
The second phase for the httpstate Working Group is to engineer a new HTTP state mechanism that improves security -- Adam Barth has already put forward his proposal for "cake":
http://www.ietf.org/id/draft-abarth-cake-01.txt
Discussion takes place here:
https://www.ietf.org/mailman/listinfo/http-state
- Bil