W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Cookie crumbling

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Tue, 22 Oct 2013 08:54:26 -0500
Message-ID: <CACuKZqE9LFu7Eo1-FVg84CEhVjp=YHHtcGYaJyfPXG5KFr_LPA@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Cc: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>
The ordering is apparently arbitrary and nonsensical. Even if the
ordering matters for some servers, it probably only matters within
cookies of the same name. Why would it matter to any server whether
cookie "a" is sent before cookie "b" or after?

On Tue, Oct 22, 2013 at 7:25 AM, Daniel Stenberg <daniel@haxx.se> wrote:
> On Tue, 22 Oct 2013, Tatsuhiro Tsujikawa wrote:
>
>> I'm not really sure how important the cookie ordering today or future
>> though.
>
>
> I fought for us to leave out the sorting from the spec since I believe it is
> wrong and never what was intended. But I "lost" and that sorting is now in
> the cookie RFC.
>
> Clearly there are enough big sites out there that depend on the sorting so
> it won't be easy to just silently remove it. And all browsers sort them
> already. But I also think that cookies are usually sent from browers to the
> server in a single header.
>
> --
>
>  / daniel.haxx.se
>
Received on Tuesday, 22 October 2013 13:54:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC