Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)
Adam Barth <ietf@adambarth.com> Fri, 07 January 2011 02:16 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C4F23A6DD2 for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.659
X-Spam-Level:
X-Spam-Status: No, score=-3.659 tagged_above=-999 required=5 tests=[AWL=-1.282, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_73=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 761M967WWX+Q for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:16:40 -0800 (PST)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id A7F133A6D19 for <http-state@ietf.org>; Thu, 6 Jan 2011 18:16:39 -0800 (PST)
Received: by gwj17 with SMTP id 17so9110816gwj.31 for <http-state@ietf.org>; Thu, 06 Jan 2011 18:18:46 -0800 (PST)
Received: by 10.150.181.18 with SMTP id d18mr1862998ybf.46.1294366726084; Thu, 06 Jan 2011 18:18:46 -0800 (PST)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id i39sm809798yhd.11.2011.01.06.18.18.44 (version=SSLv3 cipher=RC4-MD5); Thu, 06 Jan 2011 18:18:44 -0800 (PST)
Received: by iwn40 with SMTP id 40so17896568iwn.31 for <http-state@ietf.org>; Thu, 06 Jan 2011 18:18:43 -0800 (PST)
Received: by 10.231.19.138 with SMTP id a10mr8794178ibb.127.1294366723406; Thu, 06 Jan 2011 18:18:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.11.140 with HTTP; Thu, 6 Jan 2011 18:18:13 -0800 (PST)
In-Reply-To: <081f01cbae10$706f6750$514e35f0$@packetizer.com>
References: <AANLkTinK+2sfe4UZLKF5G0MLrQ6es2BfTHwtT769sgSM@mail.gmail.com> <07d501cbadf0$31e13470$95a39d50$@packetizer.com> <AANLkTi=M7ZW2FGtV6okTOswiS3sQPM8O07xhF6ifMwVK@mail.gmail.com> <081f01cbae10$706f6750$514e35f0$@packetizer.com>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 06 Jan 2011 18:18:13 -0800
Message-ID: <AANLkTikniWbJ1Whw-CWkRXimKqGq8GptS6zNQ56D=kWD@mail.gmail.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2011 02:16:41 -0000
On Thu, Jan 6, 2011 at 6:13 PM, Paul E. Jones <paulej@packetizer.com> wrote: >> > The empty string is also used in this example: >> > Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT >> >> Why is that? The "lang" attribute has not been defined, so the valid >> values for the lang attribute certainly haven't been defined. >> >> > For this reason, this might be another area where we need to consider >> > a syntax change: >> > cookie-pair = cookie-name "=" cookie-value cookie-name = >> > token cookie-value = token | "" >> > ^^^^^ >> >> I would not recommend that servers send empty attribute values. >> That's just asking for interoperability problems. > > But, "lang" is sent in the above example as an empty string. Thus, this > should be the definition of "cookie-value": > cookie-value = token | "" > > As the text is current written, I think this is illegal: > Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT Oh, sorry, got confused. Empty strings should be allowed for cooke-values but not for attribute-values. Adam >> > In any case, I don't have a strong preference and if the group wants >> > to change the syntax. That's OK. It just seems allowing an empty >> > string for "Domain" is more consistent with the text than not. >> >> More consistent with what text? The text in the User Agent Requirements >> section is for user agents and not for servers. You're talking about >> what's useful for syntax for servers to generate. It's not useful for >> servers to generate empty Domain attributes. Instead of generating an >> empty Domain attribute, they ought to simply omit the Domain attribute. > > OK, that's a good argument. :-) > > Paul > >
- [http-state] The Domain attribute (was Re: I-D Ac… Adam Barth
- Re: [http-state] The Domain attribute (was Re: I-… Paul E. Jones
- Re: [http-state] The Domain attribute (was Re: I-… Adam Barth
- Re: [http-state] The Domain attribute (was Re: I-… Paul E. Jones
- Re: [http-state] The Domain attribute (was Re: I-… Adam Barth