Re: [http-state] Make draft-abarth-cookie-06 a working group item?
Adam Barth <ietf@adambarth.com> Sat, 12 December 2009 04:47 UTC
Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8509C3A67C1 for <http-state@core3.amsl.com>; Fri, 11 Dec 2009 20:47:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.865
X-Spam-Level:
X-Spam-Status: No, score=-1.865 tagged_above=-999 required=5 tests=[AWL=0.112, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8PnK2FMwUIPx for <http-state@core3.amsl.com>; Fri, 11 Dec 2009 20:47:27 -0800 (PST)
Received: from mail-px0-f171.google.com (mail-px0-f171.google.com [209.85.216.171]) by core3.amsl.com (Postfix) with ESMTP id B38BE3A679F for <http-state@ietf.org>; Fri, 11 Dec 2009 20:47:27 -0800 (PST)
Received: by pxi1 with SMTP id 1so1604080pxi.29 for <http-state@ietf.org>; Fri, 11 Dec 2009 20:47:13 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.60.3 with SMTP id i3mr1320499wfa.147.1260593233053; Fri, 11 Dec 2009 20:47:13 -0800 (PST)
In-Reply-To: <7789133a0912111604q2a9edcf7g1bfb394cfd4d4eae@mail.gmail.com>
References: <7789133a0912111441t38d8142frecfc149e2d8464fd@mail.gmail.com> <alpine.DEB.2.00.0912120005060.16918@tvnag.unkk.fr> <7789133a0912111604q2a9edcf7g1bfb394cfd4d4eae@mail.gmail.com>
From: Adam Barth <ietf@adambarth.com>
Date: Fri, 11 Dec 2009 20:45:46 -0800
Message-ID: <7789133a0912112045m14a83eam40603f1afa588a94@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Make draft-abarth-cookie-06 a working group item?
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2009 04:47:28 -0000
On Fri, Dec 11, 2009 at 4:04 PM, Adam Barth <ietf@adambarth.com> wrote: > On Fri, Dec 11, 2009 at 3:48 PM, Daniel Stenberg <daniel@haxx.se> wrote: >> Here's some additional random thoughts on the current version: >> >> Max-age is now specified to be: >> >> The value of the Max-Age attribute represents the maximum >> lifetime of the cookie, measured in seconds from the moment the >> user agent receives the cookie >> >> RFC2109 and 2965 that both include max-age defined Max-age to be: >> >> The Max-Age attribute defines the lifetime of the cookie, in seconds. > > I'm happy to use the RFC2109 and 2965 working if you think that's clearer. I adapted some text from HTTPbis, which equivocates on this point: [[ The Max-Age attribute indicates that the cookie MUST NOT be returned to the server when its age is greater than the specified number of seconds. ]] In general, I'd like to align the spec with HTTPbis wherever possible. >> I have some problems with this phrase in 4.2.1: >> >> NOTE: If the server supplies a Set-Cookie header that does not >> conform to the grammar in Section [TODO], the user agent might not >> supply a Cookie header that conforms to the preceding grammar. >> >> Is that a way to say that if the server violates the spec, so can the >> client? > > I need to make this clearer. What this means is if the server > includes a funny character in a cookie name (like +) that is outside > the grammar, then the client will return that value even though it > doesn't conform to the grammar. > >> I don't see any reason to A) offer the client a way to not adhere to >> the spec and B) imply that the client would deal with improplerly formatted >> cookies in any particular way that isn't even following this spec! But of >> course, I'm not sure what the [TODO] is so I might have misunderstood this >> paragraph. > > The intent is as follows: > > 1) A user agent should always follow the rules in Section 5. > 2) If the server follows the rules in Section 4, then everything is > nice and sane and works as described in Section 4. > 3) If the server doesn't follow the rules in Section 4, then you need > to read Section 5 to figure out what's going to happen. Is this text clearer? [[ NOTE: If the server supplies Set-Cookie headers that conform to the grammar in this section, then the user agent will return a Cookie header that conforms to the grammar above. However, if the user agent receives a Set-Cookie header that deviates from the grammar in this section, the requirements in the next section might cause the user agent to return a Cookie header that deviates from the preceding grammar. ]] >> And for the sake of it, I'll maintain that I am against section 5.3 rule >> number 2. I argue that both those cookie sort order keys are not a MUST. I >> just cannot agree with that. > > Keep in mind that this draft is just the starting point for > discussion. I expect there will be many more drafts to come where we > can iron out these issues. I've added a TODO about this so we don't forget. Adam
- [http-state] Make draft-abarth-cookie-06 a workin… Adam Barth
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Daniel Stenberg
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Adam Barth
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Peter Saint-Andre
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Adam Barth
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Dan Winship
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Daniel Stenberg
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [http-state] Make draft-abarth-cookie-06 a wo… David Morris
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Dan Witte
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Daniel Stenberg
- Re: [http-state] Make draft-abarth-cookie-06 a wo… Adam Barth