Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?
"Remy Lebeau" <remy@lebeausoftware.org> Wed, 16 February 2011 07:05 UTC
----- Original Message -----
From: "Roy T. Fielding" <fielding@gbiv.com>
To: "Adam Barth" <ietf@adambarth.com>
Cc: <http-state@ietf.org>
Sent: Tuesday, February 15, 2011 12:29 PM
Subject: Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?

> Then please explain to Amazon why you want to break their site?
> Look at your browser's cookies for amazon.com and you will probably
> find cookies named session-token, at-main, and x-main that do not
> follow your grammar. They are quoted strings and valid under all
> prior descriptions of the Cookie and Set-Cookie header fields.

While we are on the subject of breaking Amazon cookies, here is a cookie I received from Amazon's homepage that does not conform to the format of the Expires attribute that Section 4 requires servers to use, but it is a perfectly valid cookie:

    Set-Cookie: bpx_ustats="iGfxfWHBtMzz9EqcZRPVxHOwPlefXNwx/nZTGCcg9tU="; Version=1; Max-Age=86400; Expires=Thu, 17-Feb-2011 06:09:08 GMT; Path=/

Here is the Section 4 grammar:

    expires-av       = "Expires=" sane-cookie-date
    sane-cookie-date = <rfc1123-date, defined in [RFC2616], Section 3.3.1>

From RFC 2616:

    rfc1123-date = wkday "," SP date1 SP time SP "GMT"
    wkday        = "Mon" | "Tue" | "Wed" | "Thu" | "Fri" | "Sat" | "Sun"
    date1        = 2DIGIT SP month SP 4DIGIT
    time         = 2DIGIT ":" 2DIGIT ":" 2DIGIT

Notice that the cookie is not using the "date1" grammar. Since the cookie has a Version=1 attribute, it is an RFC 2109 cookie, and RFC 2109 allows Netscape-style date/time formatting:

    Wdy, DD-Mon-YYYY HH:MM:SS GMT

The cookie is conforming to that, but the draft does not allow servers to use that format anymore (but user agents can parse it, per Section 5).
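
An added example, not part of the original message or of the draft: a Python check that tells whether a Set-Cookie header's Expires value matches the Section 4 rfc1123-date grammar or the Netscape-style form, and rewrites the latter into the former. The function names are hypothetical, and the month list is taken from RFC 2616 Section 3.3.1 because the message does not quote it.

```python
import re

# Grammar pieces. wkday, date1 and time are quoted in the message above;
# the month alternatives come from RFC 2616 Section 3.3.1 (not quoted there).
WKDAY = r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)"
MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
TIME = r"\d{2}:\d{2}:\d{2}"

# rfc1123-date = wkday "," SP date1 SP time SP "GMT"
# date1        = 2DIGIT SP month SP 4DIGIT
RFC1123_DATE = re.compile(rf"{WKDAY}, \d{{2}} {MONTH} \d{{4}} {TIME} GMT")
# Netscape style as written in the message: Wdy, DD-Mon-YYYY HH:MM:SS GMT
NETSCAPE_DATE = re.compile(rf"({WKDAY}), (\d{{2}})-({MONTH})-(\d{{4}}) ({TIME}) GMT")


def expires_value(set_cookie):
    """Return the Expires attribute value of a Set-Cookie value, or None."""
    # Attributes follow the first ";"; the name=value pair itself is skipped,
    # so "=" characters inside the quoted cookie value are never inspected.
    for attr in set_cookie.split(";")[1:]:
        name, sep, value = attr.strip().partition("=")
        if sep and name.lower() == "expires":
            return value.strip()
    return None


def classify_expires(set_cookie):
    """Name the date grammar the Expires value follows (None if absent)."""
    value = expires_value(set_cookie)
    if value is None:
        return None
    if RFC1123_DATE.fullmatch(value):
        return "rfc1123-date"
    if NETSCAPE_DATE.fullmatch(value):
        return "netscape-date"
    return "other"


def to_rfc1123(value):
    """Rewrite a Netscape-style date as rfc1123-date; other input is returned as is."""
    m = NETSCAPE_DATE.fullmatch(value)
    if not m:
        return value
    wkday, day, month, year, time = m.groups()
    return f"{wkday}, {day} {month} {year} {time} GMT"


# Header value copied from the message above.
AMAZON = ('bpx_ustats="iGfxfWHBtMzz9EqcZRPVxHOwPlefXNwx/nZTGCcg9tU="; Version=1; '
          'Max-Age=86400; Expires=Thu, 17-Feb-2011 06:09:08 GMT; Path=/')

if __name__ == "__main__":
    print(classify_expires(AMAZON), "->", to_rfc1123(expires_value(AMAZON)))
```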