Re: [http-state] non-ASCII cookie values (was Re: Closing Ticket 3: Public Suffixes)
Dan Winship <dan.winship@gmail.com> Wed, 03 February 2010 02:21 UTC
On 02/02/2010 07:27 PM, Maciej Stachowiak wrote:
> HTML5 does not spec this detail and apparently expects the cookie
> spec to expose a string interface, not an octet-sequence
> interface:
> http://dev.w3.org/html5/spec/Overview.html#dom-document-cookie

Slight tangent...

One of the major reasons cookies are such a disaster is that web site frameworks and document.cookie both expose cookies to web site authors as just strings, and expect the web site authors to get all the nasty syntax details correct. Which they of course don't.

Although in the short term we need to nail down exactly how document.cookie works for backward-compatibility purposes, in the long run, we might be able to make the world a better place if we helped design a fabulous new higher-level cookie API for HTML5, where the browser would handle the tricky syntax bits, and would just throw an exception if the page tried to use an illegal cookie name, etc. This new API could even fix some issues that we aren't currently able to fix in the spec, e.g., by setting the "Secure" flag on the cookie by default if the page had been loaded over https, etc.

(And likewise, the spec could recommend that web site frameworks/libraries SHOULD provide similar idiot-proof high-level cookie APIs, rather than expecting authors to generate valid Set-Cookie headers by themselves.)

-- Dan
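
The higher-level API idea in the message above, sketched as an added example; it is not part of the original post and is not any browser's or framework's actual API. `serializeCookie`, its option names and the `pageProtocol` parameter are hypothetical.

```javascript
// Added example, not from the original message. All names are hypothetical.
// Cookie names must match the HTTP "token" grammar: no CTLs, spaces or separators.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Attribute values may not contain control characters or ';'
// (a ';' would start a new attribute the caller did not intend).
const ATTR_VALUE_RE = /^[\x20-\x3A\x3C-\x7E]*$/;

function checkAttr(label, v) {
  if (typeof v !== "string" || !ATTR_VALUE_RE.test(v)) {
    throw new TypeError(`illegal ${label} attribute: ${JSON.stringify(v)}`);
  }
  return v;
}

// pageProtocol stands in for location.protocol so this also runs outside a browser.
function serializeCookie(name, value, options = {}, pageProtocol = "https:") {
  if (typeof name !== "string" || !TOKEN_RE.test(name)) {
    throw new TypeError(`illegal cookie name: ${JSON.stringify(name)}`);
  }
  // Percent-encode the value as UTF-8 so ';', ',', spaces, quotes and
  // non-ASCII characters can never alter the cookie syntax.
  const parts = [`${name}=${encodeURIComponent(String(value))}`];
  if (options.path !== undefined) {
    parts.push(`Path=${checkAttr("Path", options.path)}`);
  }
  if (options.domain !== undefined) {
    parts.push(`Domain=${checkAttr("Domain", options.domain)}`);
  }
  if (options.maxAge !== undefined) {
    if (!Number.isInteger(options.maxAge)) {
      throw new TypeError("Max-Age must be an integer");
    }
    parts.push(`Max-Age=${options.maxAge}`);
  }
  // Secure is on by default for pages loaded over https; opting out is explicit.
  const secure = options.secure !== undefined
    ? Boolean(options.secure)
    : pageProtocol === "https:";
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Inverse of the value encoding, for reading a cookie value back.
function decodeCookieValue(raw) {
  return decodeURIComponent(raw);
}
```

In a page, the result would be assigned to `document.cookie` with `location.protocol` passed as the last argument.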