cookie-radius / http-equiv="cookie"

Rafal Pietrak <cookie.rp@ztk-rp.eu> Wed, 13 October 2021 07:41 UTC

To: HTTP Working Group <ietf-http-wg@w3.org>
From: Rafal Pietrak <cookie.rp@ztk-rp.eu>
Message-ID: <71e434cf-8e20-246a-5a21-f161710363bd@ztk-rp.eu>
Date: Wed, 13 Oct 2021 09:38:03 +0200
Subject: cookie-radius / http-equiv="cookie"
Archived-At: <https://www.w3.org/mid/71e434cf-8e20-246a-5a21-f161710363bd@ztk-rp.eu>

Dear Everybody,

Some time ago I drafted a proposal for cookie-radius
(https://datatracker.ietf.org/doc/draft-pietrak-cookie-scope/). This was
not received well, so I've decided not to press the matter.

But since then I've learned that there is a (currently deprecated)
http-equiv.set-cookie <meta> tag attribute. Since this was implemented
in most browsers, maybe an improved definition of its semantics could
make it useful again.

This is what would be needed for the purpose of my initial usage
scenario of cookie-radius:

1. the http-equiv word should not read "set-cookie", but should be just
"cookie" to stand out from historic implementations.

2. this particular <meta> tag should be filtered away by "show-source"
browser command (as an optional feature, not required for its purpose).

3. the cookie value provided by this <meta> MUST NOT be attached to any
content that is automatically retrieved by a page download-completion
process ... meaning: this particular cookie should NOT be used
(available to the browser) until the entire page and its content is
fully downloaded.

4. the cookie should (MUST) be included in all the requests that the
browser makes in consequence of any user action (a click, or a tap, or an
ajax action) WITHIN this page. Action that results in any network
request to the same host (and ONLY to the same host).

5. the cookie defined in a <meta http-equiv="cookie"> MUST NOT be shared
among windows or tabs. It MUST be available ONLY to the clicks on a page
that received this <meta>.

I would appreciate any opinions on such a proposal.

With best regards,


-- 
Rafał Pietrak
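
Added example, not part of the original message and not code from any browser: a small JavaScript model of rules 1, 3, 4 and 5 above, showing which requests would carry the page-scoped cookie. The class name, the request shape ({url, userInitiated}), the sample HTML and the choice to compare hostnames are assumptions made for illustration.

```javascript
// Constructed sample page: one legacy tag (ignored) and one tag in the proposed form.
const SAMPLE_HTML =
  '<html><head>' +
  '<meta http-equiv="set-cookie" content="legacy=1">' +
  '<meta http-equiv="cookie" content="nav=abc123; Path=/">' +
  '</head><body></body></html>';

// Hypothetical model: one instance per loaded document, so the cookie is
// never shared between tabs or windows (rule 5).
class PageCookieScope {
  constructor(pageUrl, html) {
    this.hostname = new URL(pageUrl).hostname;
    this.loaded = false; // true once the page and all its content are downloaded
    this.cookies = PageCookieScope.parseMeta(html);
  }

  // Rule 1: only http-equiv="cookie" is honoured, not the historic "set-cookie".
  static parseMeta(html) {
    const found = [];
    for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
      const equiv = /http-equiv\s*=\s*"([^"]*)"/i.exec(tag);
      const content = /content\s*=\s*"([^"]*)"/i.exec(tag);
      if (equiv && content && equiv[1].toLowerCase() === "cookie") {
        found.push(content[1].split(";")[0].trim()); // keep the name=value pair only
      }
    }
    return found;
  }

  markLoadComplete() {
    this.loaded = true;
  }

  // Returns the Cookie header value to attach to this request, or null.
  cookieHeaderFor(request) {
    if (!this.loaded) return null;            // rule 3: unusable until load completes
    if (!request.userInitiated) return null;  // rule 4: only click / tap / ajax action
    const target = new URL(request.url).hostname;
    if (target !== this.hostname) return null; // rule 4: same host only (assumed: hostname match)
    return this.cookies.length ? this.cookies.join("; ") : null;
  }
}
```

Because the store lives on the document instance rather than in a shared jar, a second tab on the same host only gets the cookie if its own page carried the tag.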