- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Mon, 5 May 97 14:43:43 EDT
- To: http-state@lists.research.bell-labs.com, http-wg@cuckoo.hpl.hp.com
- Cc: stark@commerce.net
[Just a reminder to http-wg folks: discussions of HTTP state management, aka "cookies", have moved to the http-state mailing list. Details are at <http://www.bell-labs.com/mailing-lists/http-state/>. I'm sending this announcement to both http-state and http-wg because I see that several past active contributors have not yet joined http-state.] I've submitted a new cookie I-D, draft-ietf-http-state-man-mec-01. For details, visit <http://portal.research.bell-labs.com/~dmk/cookie.html>. Versions with change bars from RFC 2109 and state-man-mec-00 can be reached by following the "evolution" link near the bottom of that page. The new draft contains the specification of the Port attribute that got discussed awhile back. I *did not* add CommentURL, although I thought about it. Even though the general idea is attractive, I see lots of potential problems. I invite Jonathan Stark to give a more detailed specification. Some of the things that concern me are: - should the Content-Type of the page be restricted? What if the CommentURL is executable code? - must there be a relation between the domain of the CommentURL and the Domain of the cookie that contains it? (Can www.a.com send CommentURL="http://www.b.com/"?) Dave Kristol
Received on Monday, 5 May 1997 11:50:38 UTC