Re: [http-state] Ticket 5: Cookie ordering
Adam Barth <ietf@adambarth.com> Mon, 08 February 2010 16:20 UTC
Would you be willing to share your test cases? I'd like to add them to the test suite.

Thanks,
Adam

On Mon, Feb 8, 2010 at 8:19 AM, Yngve Nysaeter Pettersen <yngve@opera.com> wrote:
> On Fri, 05 Feb 2010 13:56:58 +0100, Yngve Nysaeter Pettersen
> <yngve@opera.com> wrote:
>>
>> IOW, if ordering is determined by anything but the domain and path the
>> sequence of cookies is going to vary depending on which servers the client
>> visits and the sequence it visits them, and this might cause significant
>> problems for a server that considers ordering significant.
>
> Some testing by a couple of my colleagues setting two cookies with the same
> name (and path) "host-only" and "domain-wide" have found the following in
> browsers other than Opera:
>
> -----
> Visit order: Host-only, domain-wide
> Cookie order: "host-only", "domain-wide"
> -----
>
> -----
> Visit order: domain-wide, Host-only
> Cookie order (IE): "host-only", "domain-wide"
> Cookie order (Others): "domain-wide", "host-only"
> -----
>
> To me it looks like IE is sorting by domain, at the same path level, while FF
> and Safari (the two tested) sort on creation date.
>
> The consequence is that there are apparently three deployed ways to send
> cookies:
>
> - Cookies at the same path level are grouped and sorted by creation date,
>   earliest first (FF&co)
> - Cookies at the same path level are grouped and sorted by domain, most
>   specific first (IE)
> - Cookies are grouped by domain (most specific first), then sorted by path
>   (most specific first) within each domain (Opera)
>
> IMO the creation date method is less predictable than the other two, and
> will cause problems for sites depending on a specific sequence of cookies.
>
> My suggestion would be that the spec should recommend an ordering
> based on both domain and path (order of preference to be decided), as
> that will be more predictable for sites using multiple cookies with the same
> name at various domain and path levels.
>
> --
> Sincerely,
> Yngve N. Pettersen
> Senior Developer, Opera Software ASA
> Email: yngve@opera.com    http://www.opera.com/
> Phone: +47 24 16 42 60    Fax: +47 24 16 40 01
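The three deployed orderings listed in the message above, modelled as sort keys and run against both visit orders (an added example, not part of the original post and not any browser's code). The cookie name `sid`, the hosts `www.example.com` / `example.com`, and measuring path specificity by string length are assumptions; the Opera result follows from the rule as described, since Opera was not among the browsers in the quoted test.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str   # the host for a host-only cookie, the parent domain for a domain-wide one
    path: str
    created: int  # counter standing in for creation time (assumption)

def labels(domain):
    """Domain specificity: more labels means more specific."""
    return len(domain.strip(".").split("."))

# Sort keys for the three orderings described in the message.
ORDERINGS = {
    # same path level grouped, earliest creation first (FF & co)
    "creation_date": lambda c: (-len(c.path), c.created),
    # same path level grouped, most specific domain first (IE)
    "domain_same_path": lambda c: (-len(c.path), -labels(c.domain)),
    # grouped by domain, then most specific path first (Opera)
    "domain_then_path": lambda c: (-labels(c.domain), -len(c.path)),
}

def cookie_header(jar, ordering):
    """Serialise the jar as a Cookie header value under the chosen ordering."""
    ordered = sorted(jar, key=ORDERINGS[ordering])
    return "; ".join(f"{c.name}={c.value}" for c in ordered)

def visit(order):
    """Constructed jar: set the two same-name cookies in the given visit order."""
    specs = {"host-only": ("www.example.com", "/"),
             "domain-wide": ("example.com", "/")}
    return [Cookie("sid", kind, *specs[kind], created=i)
            for i, kind in enumerate(order)]

def first_value(header, name="sid"):
    """What a server sees if it keeps only the first cookie of a given name."""
    for pair in header.split("; "):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None

if __name__ == "__main__":
    for order in (["host-only", "domain-wide"], ["domain-wide", "host-only"]):
        for rule in ORDERINGS:
            header = cookie_header(visit(order), rule)
            print(f"{order} | {rule}: {header} -> first={first_value(header)}")
```

Only the creation-date rule makes the first `sid` value depend on visit history, which is the unpredictability the quoted message points to for servers that treat the first match as authoritative.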