Re: [http-state] non-ASCII cookie values (was Re: Closing Ticket 3: Public Suffixes)

Julian Reschke <julian.reschke@gmx.de> Wed, 03 February 2010 12:40 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C75853A6915 for <http-state@core3.amsl.com>; Wed, 3 Feb 2010 04:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.842
X-Spam-Level:
X-Spam-Status: No, score=-4.842 tagged_above=-999 required=5 tests=[AWL=-2.243, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFoShbi4RkUW for <http-state@core3.amsl.com>; Wed, 3 Feb 2010 04:40:40 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 961493A680C for <http-state@ietf.org>; Wed, 3 Feb 2010 04:40:39 -0800 (PST)
Received: (qmail invoked by alias); 03 Feb 2010 12:41:20 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.105]) [217.91.35.233] by mail.gmx.net (mp063) with SMTP; 03 Feb 2010 13:41:20 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1832RoVj9c3kRiQHfmArM04x9eFVnPM5PmhmF7y/P WDZqIm51sJQVt5
Message-ID: <4B696EEB.1050803@gmx.de>
Date: Wed, 03 Feb 2010 13:41:15 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.666
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <7789133a1002011014x5d587436j663a73bc92270a65@mail.gmail.com> <143E98B7-BFA6-4F77-9685-E57FFD2449A6@apple.com> <7789133a1002021737v2a50be07u3eea61a2fe870c79@mail.gmail.com> <4B6926FC.5030107@gmx.de> <67660F71-01A3-4B66-B546-B740A1314E49@apple.com> <7789133a1002022348h57a61611me73b95e110c72ea3@mail.gmail.com> <4B692D7C.900@gmx.de> <7789133a1002030006r1d9b1bech491fa7826587eaff@mail.gmail.com> <7789133a1002030008n4f4e294fn548c359133d7734b@mail.gmail.com> <4B692F9F.7040602@gmx.de> <7789133a1002030034w5400ddb8k61bf9d7be880c2c0@mail.gmail.com> <4B6938F1.100@gmx.de>
In-Reply-To: <4B6938F1.100@gmx.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.62
Cc: http-state@ietf.org
Subject: Re: [http-state] non-ASCII cookie values (was Re: Closing Ticket 3: Public Suffixes)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 12:40:40 -0000

Julian Reschke wrote:
> ...
> On the other hand, why require something that's known not be in use (if 
> that is the case)?
> 
> If you allow non-ASCII characters (or actually require support), you'll 
> also have to figure out how existing server and client based APIs are to 
> deal with them (so what encoding is it?).
> ...

I just did a quick test with an ISO-8859-1 encoded cookie value, 
client-side javascript and "alert(document.cookie)":

- IE and Firefox appear to treat the cookie as ISO-8859-1
- Safari appears to ignore the cookie
- Chrome and Opera appear to try to decode as UTF-8 (and returns a 
REPLACEMENT CHAR in place of the umlaut I tried)

Best regards, Julian