W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: cookie Port summary

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 24 Mar 97 17:50:22 EST
Message-Id: <9703242250.AA06069@zp>
To: yarong@microsoft.com
Cc: http-wg@cuckoo.hpl.hp.com
Yaron Goland <yarong@microsoft.com> wrote:

  > I must be going dense but the section stating "Reject cookie if there is
  > a port-list and the original connection was not to a listed port."
  > confuses me. It sounds like something I agree w/but I'm not clear on
  > what it means.
  > 
  > If a set-cookie2 with a port list comes down and is accepted and then a
  > second set-cookie2 comes down, which matches the first cookie, but isn't
  > from the right port, the second set-cookie2 is to be ignored?

Here's the idea:

1) UA connects to foo.com, port 80.
2) Server sends Set-Cookie2: x=y; Port="8000"
3) UA rejects the cookie, because port 80, the port for the request,
does not match any of the ports in the Port= attribute of Set-Cookie2.

Dave Kristol
Received on Monday, 24 March 1997 14:55:16 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:33 EDT