Re: [http-state] [Technical Errata Reported] RFC6265 (3430)
Zhong Yu <zhong.j.yu@gmail.com> Mon, 17 December 2012 16:24 UTC
Return-Path: <zhong.j.yu@gmail.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0049D21F8B35 for <http-state@ietfa.amsl.com>; Mon, 17 Dec 2012 08:24:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.814
X-Spam-Level:
X-Spam-Status: No, score=-6.814 tagged_above=-999 required=5 tests=[AWL=-3.215, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7KuBnLoe4TSp for <http-state@ietfa.amsl.com>; Mon, 17 Dec 2012 08:24:50 -0800 (PST)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id D33A621F8B2F for <http-state@ietf.org>; Mon, 17 Dec 2012 08:24:49 -0800 (PST)
Received: by mail-ob0-f172.google.com with SMTP id za17so5880639obc.31 for <http-state@ietf.org>; Mon, 17 Dec 2012 08:24:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=knxBfGZ87OPHIVsLNsbDOrxYUL5ErdECG+e83sR6jR0=; b=MnxlgwTQJ30+4Snr0FNhlFNDPgT775wLgKWt/zeT/3Sow8kQLgqaDEl7Hek9din/2s WK85NPZzpXh8szuichD/ju7JIx6/tQDS5D17DuqLifdfIm15Rlpk2o9PALtPPiMuN5IZ P46+z2XM9BfwPvnFzR7WkonrDQWpyZ6sze0cKDX06E72UPC1Fu/EvisINfFiEong7CEo T5ySWSBb57ZkqZwt1q+DCNqZhMaFKgMnmX016/nG7wZrQ0pGd3WYjzSMjwt3fywRSh2+ h4zHT+nzn0kinnXZ63HXKoDn18xDgV3rk9QwjGO+lPHJeOSJ/Q/V3NvHNyHbkYAcQkAT 1rSQ==
MIME-Version: 1.0
Received: by 10.182.2.169 with SMTP id 9mr12190085obv.66.1355761489132; Mon, 17 Dec 2012 08:24:49 -0800 (PST)
Received: by 10.76.12.227 with HTTP; Mon, 17 Dec 2012 08:24:48 -0800 (PST)
In-Reply-To: <50CF4129.9080705@gmail.com>
References: <20121213222237.C5069B1E006@rfc-editor.org> <CALaySJK6YimPpKK6bbnAZBwNyqhjD2zNCJFSQFbQSx_40nQv1Q@mail.gmail.com> <50CF4129.9080705@gmail.com>
Date: Mon, 17 Dec 2012 10:24:48 -0600
Message-ID: <CACuKZqFkVDG5Si_psL39_c1jCrnEU+hP-nNQcTwCL6=woMpgnA@mail.gmail.com>
From: Zhong Yu <zhong.j.yu@gmail.com>
To: Dan Winship <dan.winship@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Approved-At: Mon, 17 Dec 2012 13:51:13 -0800
Cc: http-state@ietf.org, Pete Resnick <presnick@qti.qualcomm.com>, Barry Leiba <barryleiba@computer.org>, abarth@eecs.berkeley.edu, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [http-state] [Technical Errata Reported] RFC6265 (3430)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2012 16:24:51 -0000
On Mon, Dec 17, 2012 at 9:58 AM, Dan Winship <dan.winship@gmail.com> wrote: > On 12/14/2012 09:30 AM, Barry Leiba wrote: >> Actually, it's much worse than that: the ABNF for max-age-av does not >> match the text in Section 5.2.2 at all > > Yes, that's intentional, and explained in the introduction: > >> To maximize interoperability with user agents, servers SHOULD limit >> themselves to the well-behaved profile defined in Section 4 when >> generating cookies. >> >> User agents MUST implement the more liberal processing rules defined >> in Section 5, in order to maximize interoperability with existing >> servers that do not conform to the well-behaved profile defined in >> Section 4. > > The prohibition against "Max-Age=0" is probably because IE still doesn't > support Max-Age, so any cookie that has Max-Age but not Expires is a > session cookie in IE. That's annoying for non-zero Max-Age values (and > the spec warns about this), but Max-Age=0 would end up meaning "delete > the cookie unless the user is using IE", which is almost certainly not > what you want. Thanks Dan, so a server should avoid Max-Age all together. If a server sets Max-Age=a few seconds, it won't be honored by IE either. Zhong
- [http-state] [Technical Errata Reported] RFC6265 … RFC Errata System
- Re: [http-state] [Technical Errata Reported] RFC6… Barry Leiba
- Re: [http-state] [Technical Errata Reported] RFC6… Dan Winship
- Re: [http-state] [Technical Errata Reported] RFC6… Barry Leiba
- Re: [http-state] [Technical Errata Reported] RFC6… Zhong Yu