W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Cookie crumbling

From: James M Snell <jasnell@gmail.com>
Date: Tue, 22 Oct 2013 09:45:12 -0700
Message-ID: <CABP7Rbfi1VPn+EDMFYsrABk5jLo4f3XCnh-S39V8x1Bxid6Lfg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>
On Tue, Oct 22, 2013 at 9:39 AM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 22 October 2013 09:33, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> wrote:
>> I think the intermediary in this case cannot restore the reordering of the
>> cookie as the browser sent them.
>
> The order is canonical.
>
>        *  Cookies with longer paths are listed before cookies with
>           shorter paths.
>
>        *  Among cookies that have equal-length path fields, cookies with
>           earlier creation-times are listed before cookies with later
>           creation-times.
>
> It's trivially possible to recreate a canonical form.
>

This needs to be documented quickly in the spec. I suspect that there
are many implementers out there who may miss this subtle detail.

- James
Received on Tuesday, 22 October 2013 16:45:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC