Re: [http-state] http-state Digest, Vol 10, Issue 8

eric bianchetti <eric_bianchetti@yahoo.com> Thu, 04 February 2010 01:27 UTC


I believe, but I might be utterly wrong, the old specifications (sorry I do not recall the RFC #) were:

1) the Domain MUST have 2 dots.
2) if Domain is not explicitly given (Domain = .domain.com) then the server that initiates the request will be the implicit domain; AND Path will not be taken into account.

My opinion, for what it is worth, is that we should keep the same behavior for backward compatibility.

Eric



----- Original Message ----
From: "http-state-request@ietf.org" <http-state-request@ietf.org>
To: http-state@ietf.org
Sent: Thu, February 4, 2010 3:00:08 AM
Subject: http-state Digest, Vol 10, Issue 8

Today's Topics:

  1. Re: Ticket 6: host-only cookies (Mark Pauley)


----------------------------------------------------------------------

Message: 1
Date: Wed, 3 Feb 2010 11:40:26 -0800
From: Mark Pauley <mpauley@apple.com>
Subject: Re: [http-state] Ticket 6: host-only cookies
To: Adam Barth <ietf@adambarth.com>
Cc: http-state <http-state@ietf.org>
Message-ID: <4B6C6C31-AB1A-4A05-AA03-FF0A82F2933F@apple.com>
Content-Type: text/plain; charset=us-ascii

CFNetwork used to treat domain attributes starting without a dot literally, but I think we've gone back to prepending the dot due to compatibility issues.


On Feb 2, 2010, at 11:35 AM, Adam Barth wrote:

> On Tue, Feb 2, 2010 at 11:14 AM, Dave Kristol
> <dmk-http-state@kristol.org> wrote:
>> Adam Barth wrote:
>>> Do you mean that
>>> 
>>> Set-Cookie: foo=bar; Domain=example.com
>>> 
>>> and
>>> 
>>> Set-Cookie: foo=bar; Domain=.example.com
>>> 
>>> are treated differently by user agents?  That might be true according
>>> to 2109 (I'd have to check), but I don't think that's how user agents
>>> work in practice.  They appear to ignore the leading dot.  If you have
>>> a test case that show a difference, I'd be very interested in seeing
>>> it.
>> 
>> That is what I meant, and I do not have a test case.  That is what 2109
>> said, and I believe (though it's been many years now... ugh!) I adopted that
>> from Netscape's spec.  Generally speaking, the idea was that, in the absence
>> of Domain=, the cookie should be returned only to the server that sent it.
> 
> I believe this is the line of code in Firefox that causes the leading
> dot in the domain attribute to be ignored.
> 
> http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/src/nsCookieService.cpp#2159
> 
> There's a similar line of code in Chrome in the GetCookieDomainKey
> function in this file:
> 
> http://src.chromium.org/viewvc/chrome/trunk/src/net/base/cookie_monster.cc?view=markup
> 
> Here's the comment:
> 
>  // Get the normalized domain specified in cookie line.
>  // Note: The RFC says we can reject a cookie if the domain
>  // attribute does not start with a dot. IE/FF/Safari however, allow a cookie
>  // of the form domain=my.domain.com, treating it the same as
>  // domain=.my.domain.com -- for compatibility we do the same here.  Firefox
>  // also treats domain=.....my.domain.com like domain=.my.domain.com, but
>  // neither IE nor Safari do this, and we don't either.
> 
> Note that Firefox now acts like IE/Chrome/Safari in regards to
> Domain=.....my.domain.com
> 
> Adam
> _______________________________________________
> http-state mailing list
> http-state@ietf.org
> https://www.ietf.org/mailman/listinfo/http-state



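The three treatments of the Domain attribute discussed in this thread, modelled side by side as an added example; it is not part of any message above and is not code from Firefox, Chrome or CFNetwork. The mode names, function names and sample hosts are assumptions, and rejecting a multi-dot value in "compat" mode is a modelling choice, since the thread only says those browsers do not treat it like a single dot.

```javascript
// Added example: models the Domain-attribute behaviours described in the thread.
// Mode and function names are hypothetical, not taken from any browser source.

// True when `host` is `domain` or a subdomain of it (IP-address and
// public-suffix checks are out of scope for this sketch).
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns the stored cookie scope, or null when the cookie is rejected.
//   "strict"         - reject a Domain attribute that lacks a leading dot
//   "compat"         - ignore one leading dot (example.com == .example.com)
//   "legacy-firefox" - ignore any run of leading dots
function storeCookie(requestHost, domainAttr, mode) {
  const host = requestHost.toLowerCase();
  if (domainAttr === undefined || domainAttr === "") {
    // No Domain attribute: return the cookie only to the server that set it.
    return { domain: host, hostOnly: true };
  }
  let domain = domainAttr.toLowerCase();
  if (mode === "strict" && !domain.startsWith(".")) return null;
  if (mode === "legacy-firefox") domain = domain.replace(/^\.+/, "");
  else domain = domain.replace(/^\./, "");
  // A server may only set cookies for its own host or a parent domain.
  if (domain === "" || !domainMatches(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Decides whether a stored cookie is attached to a request for `host`.
function shouldSend(cookie, host) {
  const h = host.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatches(h, cookie.domain);
}

// Constructed sample run: the same Set-Cookie variants under each mode.
function demo() {
  const rows = [];
  for (const mode of ["strict", "compat", "legacy-firefox"]) {
    for (const attr of [undefined, "example.com", ".example.com", ".....example.com"]) {
      const c = storeCookie("www.example.com", attr, mode);
      rows.push({ mode, attr, stored: c, toSibling: c ? shouldSend(c, "app.example.com") : false });
    }
  }
  return rows;
}
console.table(demo());
```

The `toSibling` column shows the security-relevant difference: a host-only cookie set by www.example.com never reaches app.example.com, while any accepted Domain value widens the scope to every subdomain.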