W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

RE: Set-Cookie vs list header parsing (i129)

From: Brian Smith <brian@briansmith.org>
Date: Thu, 28 Aug 2008 10:08:09 -0500
To: "'Dan Winship'" <dan.winship@gmail.com>, "'Julian Reschke'" <julian.reschke@gmx.de>
Cc: <ietf-http-wg@w3.org>
Message-ID: <9AD1B6F0AC3A4B569FD6DC1835C501F8@T60>

Dan Winship wrote:
> Julian Reschke wrote:
> > I don't think that changing things just because some 
> > implementations get them wrong is on our agenda.
> 
> I didn't mean to suggest actually changing the header merging rules.
> Maybe I should have said "proxies should not merge" rather 
> than "proxies SHOULD NOT merge". Advice, not requirements.

IMO, that is not much different. "SHOULD" is only used for advise; by
definition it means the same thing as "RECOMMENDED."

> Basically, we know that multiple implementations get this 
> section wrong in different ways (the cookie spec, the 
> WWW-Authenticate bugs, the ignoring-multiple-header bugs 
> Brian mentioned), so this is a really good place to "be 
> conservative in what you send" (meaning multiples of 
> Set-Cookie, WWW-Authenticate, and Proxy-Authenticate, and no 
> multiples of anything else).

I agree 100%.

Dan, you mentioned 3 of the top 4 browsers cannot handle a merged
WWW-Authenticate. Which one got it right?

Thanks,
Brian
Received on Thursday, 28 August 2008 15:08:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:54 GMT