Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

Yesterday, "Marc Salomon" <>, asked whether cookies
should appear in HEAD requests/responses.  In a mental haze I gave too
glib (and incorrect) an answer.  I apologize for the lapse.

While state-mgmt-02 could be clearer on this, ...

1) Sect. 4.2: "The origin server initiates a session, if it so desires....
To initiate a session, the origin server returns an extra response header
to the client, Set-Cookie."

That is, the server can send a Set-Cookie with any response, even error

2) Sect. 4.3.4:  "When it sends a request to an origin server, the user
agent sends a Cookie request header to the origin server if has cookies
that are applicable to the request, based on [three conditions]."

That is, the user agent sends the Cookie header with any request that
satisfies the conditions.

Dave Kristol

Received on Wednesday, 19 June 1996 06:24:25 UTC