
Re: Cookie crumbling

From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 22 Oct 2013 19:58:01 +0200 (CEST)
To: Martin Thomson <martin.thomson@gmail.com>
cc: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>
Message-ID: <alpine.DEB.2.00.1310221954380.17401@tvnag.unkk.fr>

On Tue, 22 Oct 2013, Martin Thomson wrote:

> The order is canonical.
>
>       *  Cookies with longer paths are listed before cookies with
>          shorter paths.
>
>       *  Among cookies that have equal-length path fields, cookies with
>          earlier creation-times are listed before cookies with later
>          creation-times.
>
> It's trivially possible to recreate a canonical form.

No.

As Tatsuhiro pointed out, that information is not conveyed in that header sent
from the client so the sort order is completely impossible for anyone other
than the client to know. The paths and creation times could've been sent weeks
ago.

So if you scramble the order, there's actually no way to put them back in the 
correct order.

-- 

  / daniel.haxx.se
Received on Tuesday, 22 October 2013 17:58:30 UTC
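
An added illustration of the point argued in this message, not code from the thread: the sketch below serializes a Cookie header in the order quoted above (RFC 6265 section 5.4) from two jars that hold the same name=value pairs with different paths and creation times. The class name, function names and both sample jars are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredCookie:
    """One entry in the client's cookie jar (hypothetical minimal model)."""
    name: str
    value: str
    path: str           # stored by the client, never sent in the Cookie header
    creation_time: int  # stored by the client, never sent in the Cookie header


def cookie_header(jar):
    """Serialize in the quoted order: longer path first, then earlier creation-time."""
    ordered = sorted(jar, key=lambda c: (-len(c.path), c.creation_time))
    return "; ".join(f"{c.name}={c.value}" for c in ordered)


def crumbs(header):
    """Everything a recipient or intermediary can see: (name, value) pairs only."""
    return [tuple(pair.split("=", 1)) for pair in header.split("; ")]


def ambiguous(header_a, header_b):
    """True when two headers carry identical crumbs in different orders.

    If this holds, no function of the crumbs alone can restore both orders,
    because it would receive the same input for two different outputs.
    """
    a, b = crumbs(header_a), crumbs(header_b)
    return sorted(a) == sorted(b) and a != b


# Constructed sample jars: same names and values, different paths and ages.
JAR_A = [
    StoredCookie("sid", "1", "/app/admin", 100),
    StoredCookie("sid", "2", "/app", 50),
    StoredCookie("lang", "en", "/", 10),
]
JAR_B = [
    StoredCookie("sid", "1", "/", 100),
    StoredCookie("sid", "2", "/app/admin", 50),
    StoredCookie("lang", "en", "/app", 10),
]

if __name__ == "__main__":
    header_a, header_b = cookie_header(JAR_A), cookie_header(JAR_B)
    print(header_a)
    print(header_b)
    print("same crumbs, different order:", ambiguous(header_a, header_b))
```

Once the crumbs of either header are shuffled, the two cases are indistinguishable to anyone who does not hold the jar.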
