IETF Logo Mail Archive

Re: [http-state] Welcome to http-state

Daniel Stenberg <daniel@haxx.se> Fri, 09 January 2009 19:03 UTC

Return-Path: <http-state-bounces@ietf.org>
X-Original-To: http-state-archive@ietf.org
Delivered-To: ietfarch-http-state-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A82E3A6830; Fri, 9 Jan 2009 11:03:12 -0800 (PST)
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5AEA03A67FC for <http-state@core3.amsl.com>; Fri, 9 Jan 2009 11:03:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.103
X-Spam-Level:
X-Spam-Status: No, score=-5.103 tagged_above=-999 required=5 tests=[AWL=-2.854, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MkDNdoZNQnVG for <http-state@core3.amsl.com>; Fri, 9 Jan 2009 11:03:08 -0800 (PST)
Received: from kluster1.contactor.se (kluster1.contactor.se [91.191.140.11]) by core3.amsl.com (Postfix) with ESMTP id CB1623A680D for <http-state@ietf.org>; Fri, 9 Jan 2009 11:03:07 -0800 (PST)
Received: from linux3.contactor.se (linux3.contactor.se [91.191.140.23]) by kluster1.contactor.se (8.13.8/8.13.8/Debian-3) with ESMTP id n09J2maM004368 for <http-state@ietf.org>; Fri, 9 Jan 2009 20:02:48 +0100
Date: Fri, 09 Jan 2009 20:02:48 +0100
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@linux3.contactor.se
To: Discuss HTTP State Management Mechanism <http-state@ietf.org>
In-Reply-To: <49679299.6060703@corry.biz>
Message-ID: <alpine.LRH.2.00.0901091958090.20014@yvahk3.pbagnpgbe.fr>
References: <49679299.6060703@corry.biz>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Subject: Re: [http-state] Welcome to http-state
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Discuss HTTP State Management Mechanism <http-state@ietf.org>
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: http-state-bounces@ietf.org
Errors-To: http-state-bounces@ietf.org

On Fri, 9 Jan 2009, Bil Corry wrote:

> 	http://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly

While not being a browser, libcurl is a HTTP library that supports cookies and 
even HTTPOnly ones and it is used in browsers (and browser-like applications) 
at times.

> There are a few ways to get started; I'm thinking that taking an inventory 
> of what is wrong or missing from RFC2109 as compared to the "real world" may 
> be a good place to start.

It sounds like a fair way to get started, but RFC2109 is quite far away from 
how cookies work in real life so the differences are going to be substantial.

-- 

  / daniel.haxx.se
_______________________________________________
http-state mailing list
http-state@ietf.org
https://www.ietf.org/mailman/listinfo/http-state

v2.14.0 | Report a Bug | By Email