W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: cookie Port summary

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 24 Mar 97 16:48:12 EST
Message-Id: <9703242148.AA04856@zp>
To: gjw@wnetc.com
Cc: http-wg@cuckoo.hpl.hp.com
"Gregory J. Woodhouse" <gjw@wnetc.com> wrote:
  > > [DMK]
  > > 2) Semantics
  > > Reject cookie if there is a port-list and the original connection was
  > > not to a listed port.
  > >
  > 
  > Even for port 80? I'm not saying this is incorrect, but it is
  > non-intuituve, and will likely confuse a lot of people. Remember, people
  > may wish to share cookies across port 80 and (say) port 8080 and may
  > assume they only have to include 8080 in the port list.
  > 
  > On the other hand, it would certainly be useful to exclude port 80. I
  > don't know.

Even for port 80.  Not all servers run on port 80.  If port-list included
port 80 implicitly, there would be no way to exclude it.  Cookies emitted
from port 8000 would leak to port 80.

Dave Kristol
Received on Monday, 24 March 1997 13:52:31 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:33 EDT