W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Secure cookies survey

From: David W. Morris <dwm@xpasc.com>
Date: Thu, 20 Mar 1997 09:39:00 -0800 (PST)
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SOL.3.95.970320093628.16639B-100000@shell1.aimnet.com>


On Thu, 20 Mar 1997, Dave Kristol wrote:

> Here's an inexact application survey:
> 
> Does anyone use, or know of an application that uses, cookies that are
> labeled "Secure"?
> 
> If not, I will consider simply removing "Secure" from the cookie spec.

I know an application which is quite likely to want the unsecure
implication of secure ... that is, set the cookie in a secure response and
have it returned in a non-secure transaction. The application is still in
the prototype phase.

Dave Morris
Received on Thursday, 20 March 1997 09:42:31 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:32 EDT