W3C home > Mailing lists > Public > public-webapi@w3.org > May 2006

Re: cookies and XMLHttpRequest

From: David Flanagan <david@davidflanagan.com>
Date: Mon, 15 May 2006 16:54:07 -0700
Message-ID: <4469149F.4030404@davidflanagan.com>
To: Anne van Kesteren <annevk@opera.com>
CC: Jonas Sicking <jonas@sicking.cc>, "Web APIs WG (public)" <public-webapi@w3.org>

Anne,

Perhaps you did not see my response to Jonas' message:

> 
> So then you just need to add something to the spec that makes it perfectly clear that XMLHttpRequest scripts the HTTP subsystem of the UA, and does not create its own network connections and implement rudimentary HTTP itself...
> 
> Perhaps you could add a note of this sort to the spec for getAllRequestHeaders() something saying that the UA sees these and processes them as it would for an HTTP request initiated by the end user.

My original point was simply that there is a non-parallelism in the spec 
as it stands now.  Outgoing cookies are explicitly addressed, but 
incoming cookies are not.  If you make it clear that XMLHttpRequest uses 
the HTTP facilities of the UA, then that would satisfy me.


Anne van Kesteren wrote:
> On Mon, 24 Apr 2006 07:15:01 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> 
>>>  What I meant, however, was that you need to specify that the 
>>> browser  must/should/should not store cookies sent with the response 
>>> to an  XMLHttpRequest.
>>
>>
>> I'm not sure that we actually need to specify this. A UA supporting  
>> cookies should use them in any and all http transfers. If we go and  
>> specify how every possible web feature interact with XHR we're never  
>> going to get done.
> 
> 
> I tend to agree. David, what do you think?
> 
> 
Received on Monday, 15 May 2006 23:54:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT