- From: Dave Kristol <dmk@allegra.att.com>
- Date: Wed, 19 Jun 96 09:15:07 EDT
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, marc@ckm.ucsf.edu
- Cc: masinter@parc.xerox.com, montulli@mozilla.com
Yesterday, "Marc Salomon" <marc@ckm.ucsf.edu>, asked whether cookies should appear in HEAD requests/responses. In a mental haze I gave too glib (and incorrect) an answer. I apologize for the lapse. While state-mgmt-02 could be clearer on this, ... 1) Sect. 4.2: "The origin server initiates a session, if it so desires.... To initiate a session, the origin server returns an extra response header to the client, Set-Cookie." That is, the server can send a Set-Cookie with any response, even error responses. 2) Sect. 4.3.4: "When it sends a request to an origin server, the user agent sends a Cookie request header to the origin server if has cookies that are applicable to the request, based on [three conditions]." That is, the user agent sends the Cookie header with any request that satisfies the conditions. Dave Kristol
Received on Wednesday, 19 June 1996 06:24:25 UTC