Re: Proposal: Cookie Priorities

Mike West <mkwst@google.com> Mon, 07 March 2016 12:31 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 968DF1B403F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 7 Mar 2016 04:31:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.38
X-Spam-Level:
X-Spam-Status: No, score=-6.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2f37YkPLgFM for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 7 Mar 2016 04:31:13 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B00721B4037 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 7 Mar 2016 04:31:13 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1acuE2-0004im-VG for ietf-http-wg-dist@listhub.w3.org; Mon, 07 Mar 2016 12:25:26 +0000
Resent-Date: Mon, 07 Mar 2016 12:25:26 +0000
Resent-Message-Id: <E1acuE2-0004im-VG@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mkwst@google.com>) id 1acuDx-0004i5-BH for ietf-http-wg@listhub.w3.org; Mon, 07 Mar 2016 12:25:21 +0000
Received: from mail-lb0-f182.google.com ([209.85.217.182]) by lisa.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <mkwst@google.com>) id 1acuDv-0001F3-JK for ietf-http-wg@w3.org; Mon, 07 Mar 2016 12:25:20 +0000
Received: by mail-lb0-f182.google.com with SMTP id x1so127971308lbj.3 for <ietf-http-wg@w3.org>; Mon, 07 Mar 2016 04:24:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=qPFVzAeDhSnZNs0ZGjh4/ZEG83lc/mIrczCXcLWh/A8=; b=DCg5oz71GX4dmH48LgdXOlNKkEsjE69PTyFcNEm0N9Ha8A7wUvqLU+77Q4lgGpKDbj Ocp+4mQ//lA/u56t2Jss4vJXmA2qmarTyitB49Y8tvEblCxPKltGDtAbyVzym3Fea8/b 3EtGD6DMn10vYcs119fTZk3OmURg0jx+3PDSGKF3AbIk9ez1piTYZ6BBIr+uDnW5VDcz /WkBQeNNLyTyCMXOxczzCJ2efCwmha4f+IFOdZOVjbsKlYRozmpd24yqcBRvDPFnm8nu x45lZ9aEvTRD8PRVW10YIPlp87BA1g1iHVB5X2ag20KnVdu1xzlT/28VqVwY7ps8QBF7 g2FQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=qPFVzAeDhSnZNs0ZGjh4/ZEG83lc/mIrczCXcLWh/A8=; b=dg9Kg0Q7+sClPcECYm6GLGT8bKiAWGTPn1LhZaKEk8cDkVlmJhLy/S6ADz27n88KQQ ZdfieIv8Gik1qAbrVwdeL4FGJ5rEc/iSn3c5kqz+ESvJZcokDJ4e1my+WviH6zzkAP4L 4L+qfuQE/vBW2Ab8noqxcM8yT688ENnjZPeeTm88a2t0LC09d2QPSc+FhbuE3JYn3chY MulMI4g46al33epA64l0PA7dRcPsq0rYkEPwrkDI4mfOI7RaYZdy681Ett0ZRvYYCxAw U0aZWlRh0uQnlk3pBzrbBV6f8P9nKnT+cveaQfhqQDhbKQCJSnr3ftO9fXTV7+iVtl7H 9d8w==
X-Gm-Message-State: AD7BkJL1yzu2Jcernc7cPXcjGJElPpWxaRSzxO2iRLLhEVojKzJVnY7oKPh/Aig7mrtG19RTq6ssdXy3BiJb3eu6
X-Received: by 10.25.211.141 with SMTP id k135mr7726775lfg.164.1457353492445; Mon, 07 Mar 2016 04:24:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.112.147.38 with HTTP; Mon, 7 Mar 2016 04:24:32 -0800 (PST)
In-Reply-To: <alpine.DEB.2.20.1603071300010.25615@tvnag.unkk.fr>
References: <CAKXHy=dvxE5f25_xx3mKTc+XRDU_Hp=uFDy-iL-_c0s+xHGydw@mail.gmail.com> <alpine.DEB.2.20.1603070855070.25615@tvnag.unkk.fr> <CAKXHy=fZkRnThojTU8V9s-Vyps8jG3xOTEF-yKrDs9cqh546mg@mail.gmail.com> <alpine.DEB.2.20.1603071033570.25615@tvnag.unkk.fr> <CAKXHy=fTSzgYJaj8P7HkofzKfhx-JEt8SJkxriz8dqmM99Tb_g@mail.gmail.com> <alpine.DEB.2.20.1603071113470.25615@tvnag.unkk.fr> <alpine.DEB.2.20.1603071300010.25615@tvnag.unkk.fr>
From: Mike West <mkwst@google.com>
Date: Mon, 07 Mar 2016 13:24:32 +0100
Message-ID: <CAKXHy=cY+i9mykHDH=MMMXGPTEGu4L6iwtEcXL55YJ_4sx9i_A@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Samuel Huang <huangs@google.com>, Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="001a11402d203b0b48052d748d6b"
Received-SPF: pass client-ip=209.85.217.182; envelope-from=mkwst@google.com; helo=mail-lb0-f182.google.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.838, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1acuDv-0001F3-JK 2aae1703930dda9f7ee36d87bc2d5d25
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Proposal: Cookie Priorities
Archived-At: <http://www.w3.org/mid/CAKXHy=cY+i9mykHDH=MMMXGPTEGu4L6iwtEcXL55YJ_4sx9i_A@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31217
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, Mar 7, 2016 at 1:09 PM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Mon, 7 Mar 2016, Daniel Stenberg wrote:
>
> I was actually thinking of the case when 'Priority=High' or 'Priority=Low'
>> is used for an existing cookie, but I think I spoke up a little too early
>> about that since in the case of only one 'Priority' and no (other) cookie
>> name, it should indeed be distinguishable.
>>
>
> (sorry for replying to myself)
>
> ...execept for older clients that don't know about these cookie priorities
> of course. For those, they will appear as duplicate cookie names in the
> headers and will most likely cause problems to legacy client-side
> implementations.
>
> libcurl will treat "Set-Cookie: Priority=Low; favcolor=blue" as a cookie
> named 'Priority' and discard the favcolor part. Reversing the string order
> will make it store 'favcolor' instead. Most surely other implementations
> will act differently.
>
> Thus, a server needs to know if the client supports Priority cookies
> before it can reliably send them.


I'm confused. Are there clients that process things in the reverse order
from what RFC6265 lays out?

I mean, according to the algorithm I quoted in the previous response,
`Priority=Low; favcolor=blue` _is_ a cookie named `Priority`. Just like
`Max-Age=1; favcolor=blue` is a cookie named `Max-Age` today. I think
that's the way browsers process cookies today. Does `curl` do things
differently?

-mike