Re: [http-state] [Technical Errata Reported] RFC6265 (3430)
Dan Winship <dan.winship@gmail.com> Mon, 17 December 2012 15:59 UTC
Return-Path: <dan.winship@gmail.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 480AB21F8B27 for <http-state@ietfa.amsl.com>; Mon, 17 Dec 2012 07:59:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1y8G-dMr2TE for <http-state@ietfa.amsl.com>; Mon, 17 Dec 2012 07:59:47 -0800 (PST)
Received: from mail-ye0-f172.google.com (mail-ye0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id ADBF021F8B16 for <http-state@ietf.org>; Mon, 17 Dec 2012 07:59:47 -0800 (PST)
Received: by mail-ye0-f172.google.com with SMTP id m10so652475yen.31 for <http-state@ietf.org>; Mon, 17 Dec 2012 07:59:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=OWNV5hmVp07Pk5LpC9rB+u5ORwNybTvrQkTlrcVk5YI=; b=skRFb5nS3GEjpVy8qSLqW8sHHNocKR99SVR7QPlCA8wTd3tW/SrlG1gFhZVFWqxT3c hegNR9QuVb/LuQNHJJ3VMaf0t+QkrXn5NkM9XEusJnxPJySkIYzBB2zTtpqIcNJH0RhT HahIwhdhWYG1tz0nWRjPGUtWrprSo50JHh79qNCSxOfM8nUsCm6erJ1Hny5yiGbx8DlW J+3FvxwXvfr8YwGfqzQvI0TGbl46f+lZgeDlLdLUuG16J2yp5audIdZGvaO2boRzKA30 eK9R8fuB4p77pRwkvOdbCAeEXbqkg8zyDsMoLqaIALh2/Rkegf9OxsosnlJcFHhjIQK/ NqBw==
Received: by 10.52.23.37 with SMTP id j5mr3413580vdf.56.1355759987130; Mon, 17 Dec 2012 07:59:47 -0800 (PST)
Received: from laptop.home.mysterion.org (c-76-17-119-23.hsd1.ga.comcast.net. [76.17.119.23]) by mx.google.com with ESMTPS id vl8sm11556138veb.9.2012.12.17.07.59.45 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 17 Dec 2012 07:59:46 -0800 (PST)
Message-ID: <50CF4129.9080705@gmail.com>
Date: Mon, 17 Dec 2012 10:58:33 -0500
From: Dan Winship <dan.winship@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Barry Leiba <barryleiba@computer.org>
References: <20121213222237.C5069B1E006@rfc-editor.org> <CALaySJK6YimPpKK6bbnAZBwNyqhjD2zNCJFSQFbQSx_40nQv1Q@mail.gmail.com>
In-Reply-To: <CALaySJK6YimPpKK6bbnAZBwNyqhjD2zNCJFSQFbQSx_40nQv1Q@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: abarth@eecs.berkeley.edu, Pete Resnick <presnick@qti.qualcomm.com>, http-state@ietf.org, zhong.j.yu@gmail.com, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [http-state] [Technical Errata Reported] RFC6265 (3430)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2012 15:59:48 -0000
On 12/14/2012 09:30 AM, Barry Leiba wrote: > Actually, it's much worse than that: the ABNF for max-age-av does not > match the text in Section 5.2.2 at all Yes, that's intentional, and explained in the introduction: > To maximize interoperability with user agents, servers SHOULD limit > themselves to the well-behaved profile defined in Section 4 when > generating cookies. > > User agents MUST implement the more liberal processing rules defined > in Section 5, in order to maximize interoperability with existing > servers that do not conform to the well-behaved profile defined in > Section 4. The prohibition against "Max-Age=0" is probably because IE still doesn't support Max-Age, so any cookie that has Max-Age but not Expires is a session cookie in IE. That's annoying for non-zero Max-Age values (and the spec warns about this), but Max-Age=0 would end up meaning "delete the cookie unless the user is using IE", which is almost certainly not what you want. -- Dan
- [http-state] [Technical Errata Reported] RFC6265 … RFC Errata System
- Re: [http-state] [Technical Errata Reported] RFC6… Barry Leiba
- Re: [http-state] [Technical Errata Reported] RFC6… Dan Winship
- Re: [http-state] [Technical Errata Reported] RFC6… Barry Leiba
- Re: [http-state] [Technical Errata Reported] RFC6… Zhong Yu