W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: errata for cookie spec

From: Koen Holtman <koen@win.tue.nl>
Date: Thu, 13 Feb 1997 20:40:21 +0100 (MET)
Message-Id: <199702131940.UAA02549@wsooti08.win.tue.nl>
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-talk@www10.w3.org
Dave Kristol:
>
>Visit http://portal.research.bell-labs.com/~dmk/cookie.html for
>links to the basic spec. and the errata.
>
>I welcome comments to the spec. or to the errata.

Hi Dave,

Two small comments on the errata:

1. The section `Compatibility with MS's implementation' states the problem,
but no solution.  I'd prefer it if you append something like

 Therefore, servers should be careful in sending complex cookies that use
 this specification to legacy HTTP/1.0 user agents.  If an unknown HTTP/1.0
 user agent is encountered, a server can determine its compatibility with
 this specification by first returning a response which sets a simple
 non-persistent cookie, and then examining the cookie header of any
 subsequent request.


2. Benjamin Franz noted an ambiguity which could be interpreted in a
perverse way.  In the following part of section 4.3.5:

 When it makes an unverifiable transaction, a user agent must enable a
 session only if a cookie with a domain attribute D was sent or received
                                                                ^^^^^^^^  
 in its origin transaction, such that the host name in the Request-URI of
 the unverifiable transaction domain-matches D.

`received' really means `recieved and not rejected'.  So it is better to
replace `recieved' by `accepted'.

>Dave Kristol

Koen.
Received on Thursday, 13 February 1997 11:47:45 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:26 EDT