Re: [http-state] Make draft-abarth-cookie-06 a working group item?

Firefox does more than use client time. If the server time was provided via HTTP header, we calculate expiry times (for both "expires" and "max-age" attributes) relative to such time. If not, we use client time. (This code is encapsulated in http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/src/nsCookieService.cpp#2062.)

Regards,
Dan

----- Original Message -----
From: "Daniel Stenberg" <daniel@haxx.se>
To: "Dan Winship" <dan.winship@gmail.com>
Cc: "http-state" <http-state@ietf.org>
Sent: Saturday, December 12, 2009 10:57:37 AM
Subject: Re: [http-state] Make draft-abarth-cookie-06 a working group item?

On Sat, 12 Dec 2009, Dan Winship wrote:

>> ... with no mention of exactly when the cookie's birth is. I figure we can 
>> define it to be since the receive moment for convenience if nothing else. 
>> Counting from the sending moment would be hard, even if I bet most server 
>> side implementations basically assumes it is from the moment they send the 
>> cookie.
>
> For the "max-age" Cache-Control directive, you count from the time in the 
> Date header. We could do the same (though we need to put something about 
> what to do if there's no Date header).

I know the libcurl implementation simply takes the current time (when the 
cookie is parsed/handled by the client) and adds the cookie's given max-time, 
which thus matches the current draft. I would suspect others do too since it 
is the easiest approach.

Does anyone here know of an implementation that (tries to) make it based on 
the server-side's creation time?

-- 

  / daniel.haxx.se
_______________________________________________
http-state mailing list
http-state@ietf.org
https://www.ietf.org/mailman/listinfo/http-state