Re: [http-state] Updated draft

Daniel Stenberg <daniel@haxx.se> Tue, 18 August 2009 07:14 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E3FC93A6914 for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:14:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.744
X-Spam-Level:
X-Spam-Status: No, score=-2.744 tagged_above=-999 required=5 tests=[AWL=-0.495, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evVQHunHUDW4 for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:14:23 -0700 (PDT)
Received: from kluster1.contactor.se (kluster1.contactor.se [91.191.140.11]) by core3.amsl.com (Postfix) with ESMTP id 2F3C73A69A1 for <http-state@ietf.org>; Tue, 18 Aug 2009 00:14:01 -0700 (PDT)
Received: from linux2.contactor.se (linux2.contactor.se [91.191.140.14]) by kluster1.contactor.se (8.13.8/8.13.8/Debian-3) with ESMTP id n7I7Dwgp018506; Tue, 18 Aug 2009 09:13:58 +0200
Date: Tue, 18 Aug 2009 09:13:58 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@linux2.contactor.se
To: Dan Winship <dan.winship@gmail.com>
In-Reply-To: <4A89E4AA.4040204@gmail.com>
Message-ID: <alpine.DEB.2.00.0908180901150.17475@yvahk2.pbagnpgbe.fr>
References: <7789133a0908151008p35ff30e6w2761368fe70d41a6@mail.gmail.com> <4A889417.9020709@gmail.com> <alpine.DEB.2.00.0908170929100.22132@yvahk2.pbagnpgbe.fr> <7789133a0908170853r5a81b84cu1308049256f51d2c@mail.gmail.com> <7789133a0908170908r4e3e8d30v7187bbf67f76b95c@mail.gmail.com> <4A8996DE.4030905@gmx.de> <7789133a0908171152q5cdd97beia9e4034148e63e0e@mail.gmail.com> <4A89B35C.6010601@gmx.de> <op.uytnzlkm64w2qv@anne-van-kesterens-macbook.local> <4A89B4CD.9010708@gmx.de> <7789133a0908171325i4c908530k43d317a4c777b10@mail.gmail.com> <alpine.DEB.2.00.0908172227340.16209@yvahk2.pbagnpgbe.fr> <4A89E4AA.4040204@gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Updated draft
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2009 07:14:25 -0000

On Mon, 17 Aug 2009, Dan Winship wrote:

>> I've browsed the Cookie: code for curl, wget, libsoup, pavuk, lftp and
>> aria2. If I didn't miss anything, none of these cookie implementations
>> sort the cookies as the browsers.
>
> You missed this in soup-cookie-jar.c:
>
> 	/* FIXME: sort? */

Actually I didn't. It instead convinced me that libsoup doesn't sort which was 
what I was curious about (and you hadn't mentioned). So I could in no time 
whip up six (6!) HTTP clients that support cookies that don't sort them in the 
Cookie: header. I think taken together they do represent a fair amount of 
current usage.

FIXMEs or TODOs can be fixed in future releases for most software, that 
doesn't really change what is in use today, right now.

> Be liberal in what you accept (clients MUST accept all date formats, servers 
> MUST accept cookies in any order) and conservative in what you send (clients 
> MUST send cookies in the recommended order, servers MUST send dates in the 
> recommended format).

I think that servers MUST accept them in any order, but clients only SHOULD 
send them sorted like that (path len first then creation date).

Uhm, come to think of it on the matter of creation dates: the older 
Firefox/Mozilla/Netscape cookie file format doesn't save the creation dates of 
cookies, only expiration dates. So surely they won't be able to send cookies 
in the correct order after a restart?

-- 

  / daniel.haxx.se