W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: Issues with the cookie draft

From: M. Hedlund <hedlund@best.com>
Date: Sat, 22 Mar 1997 08:14:32 -0800 (PST)
To: Yaron Goland <yarong@microsoft.com>
Cc: Dave Kristol <dmk@research.bell-labs.com>, http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SGI.3.95.970322080014.12565A-100000@shellx.best.com>

On Sat, 22 Mar 1997, Yaron Goland wrote:
> I'll come up with a rule to handle your cases as soon as you come up
> with a rule to allow me to share cookies across:
> 
> companyname.com
> productname.companyname.com
> version1.productname.companyname.com
> version2.productname.companyname.com
> version3.productname.companyname.com
> 
> The current spec prevents sharing cookies amongst those servers. That
> does not seem terribly reasonable.

I agree that it would be desirable to allow this functionality, and I
concede that we as a group were not able to come up with such a rule (which
I think Lou Montulli also raised as desirable in some cases).  My point
about arbitrariness was that we didn't find a way to determine what was a
company/organization name versus what was a "top"-level domain -- in other
words, the rules that would satisfy the above cases would necessarily fail
to satisfy the cases I listed.

Since one domain-matching method didn't arise to cover both sets of cases,
we decided in favor of the more conservative method -- the one that at
least made a strong attempt to protect users from cookie broadcasting.  Let
me rephrase my challenge: given that we (you and I, at least) seem to agree
that one organizational unit should have the ability to use cookies across
its internal domains, can you propose a domain matching rule that allows
that feature _without_ creating a cookie-broadcast situation (where a
cookie is available to servers outside of the organizational unit)? 

M. Hedlund <hedlund@best.com>
Received on Saturday, 22 March 1997 08:18:53 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:32 EDT