I'm sufficiently paranoid that I run Desktop Chrome in incognito mode much of the time - which makes permanent cookies into transient cookies. :-)
(And when truly paranoid, I run in Firefox with all cookie-setting off, and allow cookies on an individual basis.)
I think you would benefit from reading section 4 of RFC 6265, which describes how session cookies are defined.
Back when I was doing more web-programming than I am now, I always deliberately set cookie expiration dates, rather than trust the 10 billion browsers out there as to their default policies.
I also coded to defend against cookies being rejected - I hate how web sites redirect to a new page when cookies can't be set. If I reconfigure my cookie policy to permit that site to set cookies, I also had to go back and forth for each cookie, many times.
You should also bear in mind that your cookies' expiration dates might be overridden anyway. I often force "permanent cookies" to expire at the end of each session, or tab, depending. If the user agent maintains the data, the server-programmer has to defend against intransigent (or crappy) user agents.
This is your quality engineering friend, speaking. :-) Boy, have I effed over some web sites by hacking on their cookies... :-)
Date: 2015-05-07 02:54 pm (UTC)