- From: Koen Holtman <koen@win.tue.nl>
- Date: Thu, 13 Feb 1997 20:40:21 +0100 (MET)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-talk@www10.w3.org
Dave Kristol:
>
>Visit http://portal.research.bell-labs.com/~dmk/cookie.html for
>links to the basic spec. and the errata.
>
>I welcome comments to the spec. or to the errata.
Hi Dave,
Two small comments on the errata:
1. The section `Compatibility with MS's implementation' states the problem,
but no solution. I'd prefer it if you append something like
   Therefore, servers should be careful in sending complex cookies that use
   this specification to legacy HTTP/1.0 user agents. If an unknown HTTP/1.0
   user agent is encountered, a server can determine its compatibility with
   this specification by first returning a response which sets a simple
   non-persistent cookie, and then examining the cookie header of any
   subsequent request.
2. Benjamin Franz noted an ambiguity which could be interpreted in a
perverse way. In the following part of section 4.3.5:
   When it makes an unverifiable transaction, a user agent must enable a
   session only if a cookie with a domain attribute D was sent or received
                                                                  ^^^^^^^^
   in its origin transaction, such that the host name in the Request-URI of
   the unverifiable transaction domain-matches D.
`received' really means `received and not rejected'. So it is better to
replace `received' by `accepted'.
>Dave Kristol
Koen.
Received on Thursday, 13 February 1997 11:47:45 UTC
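The difference between `received' and `accepted' in the section 4.3.5 text quoted in the message above, as an added example that is not part of the original message or of the spec. The function names and host names are hypothetical, the rejection rules are a simplified reading of the Domain checks in RFC 2109 section 4.3.2, and only the `received' half of `sent or received' is modelled.

```python
# Added illustration. Helper names and hosts are constructed for this example.

def domain_match(host, domain):
    """RFC 2109 domain-match: identical strings, or host = N + domain
    where domain starts with a dot and N is non-empty."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return (domain.startswith(".") and host.endswith(domain)
            and len(host) > len(domain))

def accepts(request_host, domain):
    """Simplified Domain-attribute rejection rules: a user agent rejects
    the cookie if any of these checks fails."""
    # Domain must start with a dot and contain an embedded dot.
    if not domain.startswith(".") or "." not in domain[1:]:
        return False
    # The request-host must domain-match the Domain attribute.
    if not domain_match(request_host, domain):
        return False
    # With request-host = H + D, the prefix H must not contain dots.
    prefix = request_host[: -len(domain)]
    return "." not in prefix

def enable_session(origin_host, origin_cookie_domains, unverifiable_host, wording):
    """Decide whether a session is enabled for an unverifiable transaction.

    wording="received": any cookie that arrived in the origin transaction counts.
    wording="accepted": only cookies the user agent did not reject count.
    """
    for d in origin_cookie_domains:
        if wording == "accepted" and not accepts(origin_host, d):
            continue  # rejected cookies must not enable a session
        if domain_match(unverifiable_host, d):
            return True
    return False

if __name__ == "__main__":
    # Constructed case: the origin response carries a cookie whose Domain
    # attribute names a different site, so the user agent rejects it.
    origin, third_party = "www.shop.example", "ads.tracker.example"
    received = [".tracker.example"]
    for wording in ("received", "accepted"):
        print(wording, enable_session(origin, received, third_party, wording))
```
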