W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: The state of cookies

From: Lou Montulli <montulli@strumpet.mcom.com>
Date: Mon, 03 Mar 1997 22:13:24 -0800
Message-Id: <331BBD84.107F@netscape.com>
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: masinter@parc.xerox.com, http-wg@cuckoo.hpl.hp.com
Dave Kristol wrote:
> 
> Larry Masinter <masinter@parc.xerox.com> wrote:
>   > Can someone please write a short, self-contained
>   > description of what in RFC 2109 is technically "broken"?
>   > Why it is that vendors can't just implement the "proposed
>   > standard" as a hotfix or patch or in their next release?
> 
> See draft-ietf-http-state-mgmt-errata-00.txt.  The relevant section
> [edited by me for this email] says:
> 
>      Microsoft Internet Explorer (MSIE) Version 3 and earlier will
>      fail to handle some cookies that use this specification.  For
>      example, if a server sends the following response header to MSIE V3
>      (omitting the line breaks):
> 
>      Set-cookie: xx="1=2&3-4";
>          Comment="blah";
>          Version=1; Max-Age=15552000; Path=/;
>          Expires=Sun, 27 Apr 1997 01:16:23 GMT
> 
>      then MSIE V3 will send something like the following request header
>      next time:
> 
>          Cookie: Max-Age=15552000
> 
>      instead of [what Netscape's implementation would have returned]:
> 
>          Cookie: xx="1=2&3-4"
> 

I thought the problem was that MSIE would send back _both_
cookie: xx="1=2&3-4"; Max-Age=15552000

If that's the case, why can't we just note that in the
spec and tell implementors to ignore any cookies named
"max-age"?  Since it will only effect people who try
to use the new spec they can deal with the problem gracefully.

:lou
Received on Monday, 3 March 1997 22:17:55 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:30 EDT