Re: [http-state] Question regarding RFC 6265 and ietf process

Fagner Martins <eu@fagnermartins.com> Mon, 07 September 2015 13:03 UTC

Return-Path: <admin@fagnermartins.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A07E1B4A09 for <http-state@ietfa.amsl.com>; Mon, 7 Sep 2015 06:03:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.723
X-Spam-Level:
X-Spam-Status: No, score=0.723 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q-vo6SxJCWRK for <http-state@ietfa.amsl.com>; Mon, 7 Sep 2015 06:03:21 -0700 (PDT)
Received: from mail-wi0-f176.google.com (mail-wi0-f176.google.com [209.85.212.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CBE1B5274 for <http-state@ietf.org>; Mon, 7 Sep 2015 06:00:18 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so88090568wic.0 for <http-state@ietf.org>; Mon, 07 Sep 2015 06:00:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=DooNblhS94VblKXwsaB6PMumThqNV9lSGR/Ow+chmmQ=; b=frIgXxcKhvLZ7h/bltQLJOi2l+iqcF5WKrvokVq2XcOpXh8hSa9Xs0ECOJmtIcdMHe oaQzw1EDAalfN9j0eZk5RjDsvghVI2qide3WU5CyAYc/vnXr54QhIZjfgTxfYXixqhfP S6L6LLNjiI+/WO48pbnbfwqXtZNHwL1A9bXOegCBb8/4YGKzrdTxV4Su+dGcZquT56IA jaYDDIOD5A52yGdf28Ttn+ZgP4jqjQ2OapHAdNjf9vDfd3JU7Lwk6qoMxr9AhDJi1F9j VdvHzXqKoUmlq+59f/41IPAFyKBjBHX75SIeADvfznqHrNB18i3CqwbCPDypLWZubVWH pAvA==
X-Gm-Message-State: ALoCoQn629gJYlPwo+yLyiUrLHS5PWYag0Sjdpd3xKBCVCUORQk8XuW+f4RoifzlKfnLIRP9tDD6
MIME-Version: 1.0
X-Received: by 10.180.81.227 with SMTP id d3mr34506269wiy.38.1441630817166; Mon, 07 Sep 2015 06:00:17 -0700 (PDT)
Sender: admin@fagnermartins.com
Received: by 10.194.106.129 with HTTP; Mon, 7 Sep 2015 06:00:17 -0700 (PDT)
X-Originating-IP: [200.180.186.25]
In-Reply-To: <alpine.DEB.2.11.1509062003000.7592@tvnag.unkk.fr>
References: <CAK5xtXOF0FG1roQNfzEUtj9x2aNhfG3_O7Sxk_4mGqU1rfD_Mg@mail.gmail.com> <alpine.DEB.2.11.1509062003000.7592@tvnag.unkk.fr>
Date: Mon, 7 Sep 2015 10:00:17 -0300
X-Google-Sender-Auth: 5kcNK1j-2yFGW0DFoe3OLTA70rE
Message-ID: <CAK5xtXPRefR-yO9+DvU=ainqCcjvvbfoQ-99jftYkJbw6MBbKQ@mail.gmail.com>
From: Fagner Martins <eu@fagnermartins.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: multipart/alternative; boundary=f46d04428700c13d1e051f27d4bc
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-state/mc4KgGFzK7bwi51VasQ7AOjvU6M>
Cc: HTTP-state mailing list <http-state@ietf.org>
Subject: Re: [http-state] Question regarding RFC 6265 and ietf process
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-state/>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 13:03:23 -0000

It seems that the plus decode handling for php and rack are happening way
before the spec was released in 2011. See
https://github.com/js-cookie/js-cookie/issues/70#issuecomment-138290406

AFAIK, before RFC 6265 there was no consensus regarding how to handle
cookies, I could rise some bug report in each specific language, but since
php is so widely used in the web I am pretty sure they are not going to
change it.
----------------------------------------------------
Fagner Martins Brack
http://www.fagnerbrack.com/
https://github.com/FagnerMartinsBrack?tab=activity
http://stackoverflow.com/users/1400037/fagner-brack
http://br.linkedin.com/pub/fagner-martins-brack/69/48/719

2015-09-06 15:07 GMT-03:00 Daniel Stenberg <daniel@haxx.se>;:

> On Tue, 1 Sep 2015, Fagner Martins wrote:
>
> I am not a veteran on the internet, so I am not aware of how the process
>> works. But would it make sense to amend the RFC to account for characters
>> allowed in the browsers but realistically disallowed by most frameworks due
>> to historical reasons?
>>
>> It would be very useful to make the RFC a documentation to serve as a
>> baseline for how the web *and the server-side languages *that are built on
>> it actually work instead of restricting only to how browsers work in the
>> wild.
>>
>
> The work on RFC 6265 was certainly not just to document how browsers work.
> We worked on documenting how cookies are used in general everywhere on the
> web and I can't recall anyone mentioning this restriction during that
> process.
>
> But also, this restriction seems very arbitrary and random and I don't see
> how any spec in the cookie history has made these frameworks make this
> decision. My personal opinion is that this is an implementation bug, not a
> problem with the spec.
>
> --
>
>  / daniel.haxx.se
>