W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: Set-Cookie vs list header parsing (i129)

From: Dan Winship <dan.winship@gmail.com>
Date: Thu, 28 Aug 2008 09:54:45 -0400
Message-ID: <48B6AE25.8050902@gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Brian Smith <brian@briansmith.org>, ietf-http-wg@w3.org

Julian Reschke wrote:
> I don't think that changing things just because some implementations get
> them wrong is on our agenda.

I didn't mean to suggest actually changing the header merging rules.
Maybe I should have said "proxies should not merge" rather than "proxies
SHOULD NOT merge". Advice, not requirements.

Basically, we know that multiple implementations get this section wrong
in different ways (the cookie spec, the WWW-Authenticate bugs, the
ignoring-multiple-header bugs Brian mentioned), so this is a really good
place to "be conservative in what you send" (meaning multiples of
Set-Cookie, WWW-Authenticate, and Proxy-Authenticate, and no multiples
of anything else).

-- Dan
Received on Thursday, 28 August 2008 13:55:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:54 GMT