IETF Logo Mail Archive

Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)

Adam Barth <ietf@adambarth.com> Fri, 07 January 2011 02:16 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C4F23A6DD2 for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.659
X-Spam-Level:
X-Spam-Status: No, score=-3.659 tagged_above=-999 required=5 tests=[AWL=-1.282, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_73=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 761M967WWX+Q for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:16:40 -0800 (PST)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id A7F133A6D19 for <http-state@ietf.org>; Thu, 6 Jan 2011 18:16:39 -0800 (PST)
Received: by gwj17 with SMTP id 17so9110816gwj.31 for <http-state@ietf.org>; Thu, 06 Jan 2011 18:18:46 -0800 (PST)
Received: by 10.150.181.18 with SMTP id d18mr1862998ybf.46.1294366726084; Thu, 06 Jan 2011 18:18:46 -0800 (PST)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id i39sm809798yhd.11.2011.01.06.18.18.44 (version=SSLv3 cipher=RC4-MD5); Thu, 06 Jan 2011 18:18:44 -0800 (PST)
Received: by iwn40 with SMTP id 40so17896568iwn.31 for <http-state@ietf.org>; Thu, 06 Jan 2011 18:18:43 -0800 (PST)
Received: by 10.231.19.138 with SMTP id a10mr8794178ibb.127.1294366723406; Thu, 06 Jan 2011 18:18:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.11.140 with HTTP; Thu, 6 Jan 2011 18:18:13 -0800 (PST)
In-Reply-To: <081f01cbae10$706f6750$514e35f0$@packetizer.com>
References: <AANLkTinK+2sfe4UZLKF5G0MLrQ6es2BfTHwtT769sgSM@mail.gmail.com> <07d501cbadf0$31e13470$95a39d50$@packetizer.com> <AANLkTi=M7ZW2FGtV6okTOswiS3sQPM8O07xhF6ifMwVK@mail.gmail.com> <081f01cbae10$706f6750$514e35f0$@packetizer.com>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 06 Jan 2011 18:18:13 -0800
Message-ID: <AANLkTikniWbJ1Whw-CWkRXimKqGq8GptS6zNQ56D=kWD@mail.gmail.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2011 02:16:41 -0000

On Thu, Jan 6, 2011 at 6:13 PM, Paul E. Jones <paulej@packetizer.com> wrote:
>> > The empty string is also used in this example:
>> > Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT
>>
>> Why is that?  The "lang" attribute has not been defined, so the valid
>> values for the lang attribute certainly haven't been defined.
>>
>> > For this reason, this might be another area where we need to consider
>> > a syntax change:
>> > cookie-pair       = cookie-name "=" cookie-value cookie-name       =
>> > token cookie-value      = token | ""
>> >                         ^^^^^
>>
>> I would not recommend that servers send empty attribute values.
>> That's just asking for interoperability problems.
>
> But, "lang" is sent in the above example as an empty string.  Thus, this
> should be the definition of "cookie-value":
> cookie-value      = token | ""
>
> As the text is current written, I think this is illegal:
> Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT

Oh, sorry, got confused.  Empty strings should be allowed for
cooke-values but not for attribute-values.

Adam


>> > In any case, I don't have a strong preference and if the group wants
>> > to change the syntax.  That's OK.  It just seems allowing an empty
>> > string for "Domain" is more consistent with the text than not.
>>
>> More consistent with what text?  The text in the User Agent Requirements
>> section is for user agents and not for servers.  You're talking about
>> what's useful for syntax for servers to generate.  It's not useful for
>> servers to generate empty Domain attributes.  Instead of generating an
>> empty Domain attribute, they ought to simply omit the Domain attribute.
>
> OK, that's a good argument. :-)
>
> Paul
>
>

v2.23.0 | Report a Bug | By Email