- From: Koen Holtman <koen@win.tue.nl>
- Date: Fri, 21 Feb 1997 22:32:45 +0100 (MET)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: yarong@microsoft.com, http-wg@cuckoo.hpl.hp.com
Dave Kristol: > >Yaron Goland <yarong@microsoft.com> wrote: > > The new cookie draft's backwards compatibility mechanism depends upon > > the way that Netscape handles illegally formatted cookies, specifically > > cookies with multiple NAME=VALUE pairs (where I use NAME=VALUE as given > > >in http://home.netscape.com/newsref/std/cookie_spec.html). Netscape choose to > >I disagree that these are "illegally formatted cookies". For the record, I agree with Yaron that these are indeed illegally formatted cookies according to NS's original specification. I too think that the current errata are incorrect, and possibly insulting, in saying that `MSIE sends back the wrong cookie name and value'. [....] >Almost a year ago we discussed introducing a new header for "new >cookies" but decided against it. As far as I recall, we thought at the time that we had a working compatibility hack which allowed use of the old header. We now know we were wrong. We tried to save some bytes where we couldn't. I think there is nothing technically wrong with the Set-Cookie-V1 alternative to the current compatibility scheme. Bytes saved are not that big an issue here: you don't often need to set a cookie. I see lots of servers which send a Set-Cookie header much more often than they really have to. If server authors tell us that they prefer some form of Set-Cookie-V1 to the current compatibility scheme, then I'd prefer to have Set-Cookie-V1, if it can be had without horrible procedural side-effects. >Dave Kristol Koen.
Received on Friday, 21 February 1997 13:34:13 UTC