Yesterday, "Marc Salomon" <marc@ckm.ucsf.edu>, asked whether cookies should appear in HEAD requests/responses. In a mental haze I gave too glib (and incorrect) an answer. I apologize for the lapse. While state-mgmt-02 could be clearer on this, ... 1) Sect. 4.2: "The origin server initiates a session, if it so desires.... To initiate a session, the origin server returns an extra response header to the client, Set-Cookie." That is, the server can send a Set-Cookie with any response, even error responses. 2) Sect. 4.3.4: "When it sends a request to an origin server, the user agent sends a Cookie request header to the origin server if has cookies that are applicable to the request, based on [three conditions]." That is, the user agent sends the Cookie header with any request that satisfies the conditions. Dave KristolReceived on Wednesday, 19 June 1996 06:24:25 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:04 EDT