|
|
|
|
|
|
by naasking
2822 days ago
|
|
|
> Ideally browsers would be extensible enough for you to build these things. The generality of the environments available in browsers is exactly the problem: we can't tell what they're doing because opaque programs are manipulating opaque data. Making the problem tractable means restricting the ability to communicate via well-defined channels with well-defined data, possibly with specific purposes. > opt-in is user hostile to the point that never-ask-me-again will become the norm. You're assuming a lot. Opt-in is not blanket user hostile, it depends on the frequency and circumstances the user encounters it. My first thought is that opt-in dialogs would be triggered only for forms with password inputs, just like it works now in browsers where users can save their passwords. The cookie is tied to that form submission only so we know its origin and uses, and all other cookies are forbidden. It doesn't strike me as user-hostile at all to then ask the user if they want to permit the site to store a persistent authentication token. |
|
|