Re: [http-state] Updated draft
Daniel Stenberg <daniel@haxx.se> Sun, 16 August 2009 20:42 UTC
Return-Path: <daniel@haxx.se>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ECA2A28C13C for <http-state@core3.amsl.com>; Sun, 16 Aug 2009 13:42:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[AWL=-1.338, BAYES_05=-1.11, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w7+yEWZhH8QT for <http-state@core3.amsl.com>; Sun, 16 Aug 2009 13:42:21 -0700 (PDT)
Received: from kluster1.contactor.se (kluster1.contactor.se [91.191.140.11]) by core3.amsl.com (Postfix) with ESMTP id 42DA228C0F4 for <http-state@ietf.org>; Sun, 16 Aug 2009 13:42:20 -0700 (PDT)
Received: from linux2.contactor.se (linux2.contactor.se [91.191.140.14]) by kluster1.contactor.se (8.13.8/8.13.8/Debian-3) with ESMTP id n7GKgMOk007946; Sun, 16 Aug 2009 22:42:23 +0200
Date: Sun, 16 Aug 2009 22:42:22 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@linux2.contactor.se
To: Adam Barth <ietf@adambarth.com>
In-Reply-To: <7789133a0908161131s5741d457q812b5e4213452054@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.0908162035140.13789@yvahk2.pbagnpgbe.fr>
References: <7789133a0908151008p35ff30e6w2761368fe70d41a6@mail.gmail.com> <alpine.DEB.2.00.0908152250410.18461@yvahk2.pbagnpgbe.fr> <7789133a0908151642w47c1dbf1x48268e657b0d71cc@mail.gmail.com> <alpine.DEB.2.00.0908161440520.25988@yvahk2.pbagnpgbe.fr> <7789133a0908161032l2265ce5fg966c434f1b05aa64@mail.gmail.com> <alpine.DEB.2.00.0908161952060.13789@yvahk2.pbagnpgbe.fr> <7789133a0908161131s5741d457q812b5e4213452054@mail.gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Updated draft
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Aug 2009 20:42:23 -0000
On Sun, 16 Aug 2009, Adam Barth wrote: > User agents comprising >99% of the market share implement path-length > sorting. The only implementation I'm aware of that does not perform > path-length sorting is CURL. Are there other implementations we should > factor into our decisions? Right, but did you check libsoup, wget or whatever other fairly common non-browser http clients there are out there? Or why not the most popular native libs for Java, Python or perl? As curl is not a browser at all you could test 100% of the browsers and curl would still not be in that lump. You cannot use browser share among end users as a proper measurement here. If you can reach 99% of the server implementations it would matter a lot more. > I suspect that Internet Explorer, Firefox, Safari, Chrome, and Opera have > collectively been tested on more web sites than CURL. When 5 out of 5 major > browsers agree, there's likely a reason. Then please tell me the reason. Why do they sort the cookies like this? (And I don't count "because RFC2109/2965 says so" to be a good explanation.) And the reversed: how come (virtually) no server-side receivers care about the order? > "If I were going to implement a new user agent today and I wanted to > maximize compatibility, would I implement this requirement?" > > In this case, it's clear that I would want to implement a behavior that > matches all of the major browsers. I think you're looking at it from the wrong perspective. If I were to implement a new cookie "engine" today and maximize compatibility, I would make sure that it plays with 99.[something] of the _server_-implementions. And funnily enough, I claim that curl does! A request-header should be looked for compliance in the server-end, imo. Obviously I don't have any measured numbers to back this up but curl has always been used a lot to mimic browsers and to automate what people otherwise do manually with browsers, and I've always put in an effort to make sure that curl can do everything the browsers can (HTTP wise). This sorting thing has never been an issue to my knowledge (and yes I do realize I'm sticking my neck out here). >> it could only really have a meaning if more than 50 (or so) cookies are >> stored for a domain as then the sort order would decide which cookies to >> discard > > This is not the case. The priority order for evicting cookies is different > from the order in which cookies appear in the Cookie header (which is what > we're discussing). Ah, that's what I get for reading it sloppy, sorry. But it only makes my point even stronger: Why do we specify the order at all? What's the useful purpose to any party involved? -- / daniel.haxx.se
- [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Dan Winship
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Bil Corry
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Bil Corry
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Anne van Kesteren
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Dan Winship
- Re: [http-state] Updated draft Anne van Kesteren
- Re: [http-state] Updated draft Daniel Stenberg