RE: cookie Port summary

I must be going dense but the section stating "Reject cookie if there is
a port-list and the original connection was not to a listed port."
confuses me. It sounds like something I agree w/but I'm not clear on
what it means.

If a set-cookie2 with a port list comes down and is accepted and then a
second set-cookie2 comes down, which matches the first cookie, but isn't
from the right port, the second set-cookie2 is to be ignored?

		Yaron

> -----Original Message-----
> From:	dmk@research.bell-labs.com [SMTP:dmk@research.bell-labs.com]
> Sent:	Monday, March 24, 1997 8:26 AM
> To:	http-wg@cuckoo.hpl.hp.com
> Subject:	cookie Port summary
> 
> Here's my summary and elaboration of the proposal for restricting
> ports
> in cookies.
> 
> Set-Cookie2
> 1) Syntax:
> port-attr	=	"Port" [ "=" <"> 1#port-list <"> ]
> port-list	=	decimal-number
> 
> Note:  port-attr is, of course, itself optional.
> 
> 2) Semantics
> Reject cookie if there is a port-list and the original connection was
> not to a listed port.
> 
> Cookie:
> 1) Syntax:
> (Return Port as $Port, with its value as received in Set-Cookie2, if
> any.)
> 
> 2) Semantics, based on the Port attribute in Set-Cookie2:
> 	- default (no Port) behavior:  send cookie to any port
> 	- "Port" behavior:  send cookie only to port from which it was
> received
> 	- "Port=port-list" behavior:  send cookie only to a listed port
> 
> Note:  Port rules apply only after the Domain rules make the cookie
> otherwise
> sendable.
> 
> Comments?
> Dave Kristol

Received on Monday, 24 March 1997 14:40:45 UTC