Re: [http-state] Updated draft
Adam Barth <ietf@adambarth.com> Sat, 15 August 2009 23:43 UTC
Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7AFC63A6AB7 for <http-state@core3.amsl.com>; Sat, 15 Aug 2009 16:43:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.867
X-Spam-Level:
X-Spam-Status: No, score=-1.867 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id skZUinbth25p for <http-state@core3.amsl.com>; Sat, 15 Aug 2009 16:42:57 -0700 (PDT)
Received: from mail-vw0-f196.google.com (mail-vw0-f196.google.com [209.85.212.196]) by core3.amsl.com (Postfix) with ESMTP id 76B193A68CC for <http-state@ietf.org>; Sat, 15 Aug 2009 16:42:53 -0700 (PDT)
Received: by vws34 with SMTP id 34so2039882vws.31 for <http-state@ietf.org>; Sat, 15 Aug 2009 16:42:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.111.6 with SMTP id q6mr3375570vcp.45.1250379776118; Sat, 15 Aug 2009 16:42:56 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.0908152250410.18461@yvahk2.pbagnpgbe.fr>
References: <7789133a0908151008p35ff30e6w2761368fe70d41a6@mail.gmail.com> <alpine.DEB.2.00.0908152250410.18461@yvahk2.pbagnpgbe.fr>
From: Adam Barth <ietf@adambarth.com>
Date: Sat, 15 Aug 2009 16:42:36 -0700
Message-ID: <7789133a0908151642w47c1dbf1x48268e657b0d71cc@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Updated draft
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Aug 2009 23:43:06 -0000
On Sat, Aug 15, 2009 at 2:06 PM, Daniel Stenberg<daniel@haxx.se> wrote: > Section 2 "Terminology" describes how the domain matchin is made. I know > this was like this in RFC2965 as well, but I find it to be a weird placement > for that description. That's not terminology, it's rather text meant for > section 6.4 in my opinion. Yes. I've added a TODO to move this to one of the conformance sections. > In section 6.3 I found this text: > > "The user agent MUST evict a cookie ... if ... More than 50 cookies exist in > the cookie store with the same domain field." > > Is that really a MUST? There's no fixed 50 cookies limit in curl at least > and I would be surprised if all other HTTP clients would agree on this. May > I suggest that to be written a MAY instead? Done. I have it on good authority that there exist sites that break if you change this number. However, I've softened the draft to make 50 only a suggestion. > In section 6.4 there's a typo: > > When the user agent generates an HTTP request for a particular URI, > the user agent SHOULD attach exactly one HTTP named Cookie if the > > insert 'header' after HTTP. Fixed. > I don't understand the section saying: > > When generating a cookie-string from a URI with a "secure" scheme, > the user agent MUST set the SECURE flag to true. Otherwise, the user > agent MUST set the SECURE flag to false. > > What 'flag' is this referring to? This section is for sending the Cookie: > header and I would presume stored received cookies already are marked secure > or not. Similar wording is used later but then speaks of "the HTTP flag". Yeah, this is pretty clumsy. I was trying to make the cooke selection algorithm simpler, but it didn't work out well. I've added a TODO to fix this. > The section about the sorting of the cookie-list. Do implementations really > bother about in which order the cookies are matched? I don't see how that is > important (and again, I know an implementation that doesn't care). Yes. The bit about sorting by path length is definitely required for compatibility. I remember reading some old bug reports about that. I suspect the bit about creation date is important too, although I don't have concrete examples of sites that break. I don't have a test case written for the sorting yet, but I believe IE, Firefox, and Chrome do this. I haven't tested Safari or Opera. > The text about "Update the last-access field of each cookie" is certainly > not a MUST but could be a useful suggestion. Still I think it could be left > out entirely. That's the only text that gives semantics to the last-access field, which is needed during eviction. Adam
- [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Dan Winship
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Bil Corry
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Bil Corry
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Anne van Kesteren
- Re: [http-state] Updated draft Julian Reschke
- Re: [http-state] Updated draft Adam Barth
- Re: [http-state] Updated draft Daniel Stenberg
- Re: [http-state] Updated draft Dan Winship
- Re: [http-state] Updated draft Anne van Kesteren
- Re: [http-state] Updated draft Daniel Stenberg