W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: cookie Port summary

From: Yaron Goland <yarong@microsoft.com>
Date: Mon, 24 Mar 1997 15:59:20 -0800
Message-Id: <11352BDEEB92CF119F3F00805F14F485026B7286@RED-44-MSG.dns.microsoft.com>
To: "'dmk@research.bell-labs.com'" <dmk@research.bell-labs.com>
Cc: http-wg@cuckoo.hpl.hp.com
AHHHHHHHH.. I understand. Thanks for the clarification.

In that case, I too completely buy off on PORT.

		Yaron

> -----Original Message-----
> From:	dmk@research.bell-labs.com [SMTP:dmk@research.bell-labs.com]
> Sent:	Monday, March 24, 1997 2:50 PM
> To:	Yaron Goland
> Cc:	http-wg@cuckoo.hpl.hp.com
> Subject:	RE: cookie Port summary
> 
> Yaron Goland <yarong@microsoft.com> wrote:
> 
>   > I must be going dense but the section stating "Reject cookie if
> there is
>   > a port-list and the original connection was not to a listed port."
>   > confuses me. It sounds like something I agree w/but I'm not clear
> on
>   > what it means.
>   > 
>   > If a set-cookie2 with a port list comes down and is accepted and
> then a
>   > second set-cookie2 comes down, which matches the first cookie, but
> isn't
>   > from the right port, the second set-cookie2 is to be ignored?
> 
> Here's the idea:
> 
> 1) UA connects to foo.com, port 80.
> 2) Server sends Set-Cookie2: x=y; Port="8000"
> 3) UA rejects the cookie, because port 80, the port for the request,
> does not match any of the ports in the Port= attribute of Set-Cookie2.
> 
> Dave Kristol
Received on Monday, 24 March 1997 18:22:02 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:33 EDT