- From: Koen Holtman <koen@win.tue.nl>
- Date: Thu, 13 Feb 1997 20:40:21 +0100 (MET)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-talk@www10.w3.org
Dave Kristol: > >Visit http://portal.research.bell-labs.com/~dmk/cookie.html for >links to the basic spec. and the errata. > >I welcome comments to the spec. or to the errata. Hi Dave, Two small comments on the errata: 1. The section `Compatibility with MS's implementation' states the problem, but no solution. I'd prefer it if you append something like Therefore, servers should be careful in sending complex cookies that use this specification to legacy HTTP/1.0 user agents. If an unknown HTTP/1.0 user agent is encountered, a server can determine its compatibility with this specification by first returning a response which sets a simple non-persistent cookie, and then examining the cookie header of any subsequent request. 2. Benjamin Franz noted an ambiguity which could be interpreted in a perverse way. In the following part of section 4.3.5: When it makes an unverifiable transaction, a user agent must enable a session only if a cookie with a domain attribute D was sent or received ^^^^^^^^ in its origin transaction, such that the host name in the Request-URI of the unverifiable transaction domain-matches D. `received' really means `recieved and not rejected'. So it is better to replace `recieved' by `accepted'. >Dave Kristol Koen.
Received on Thursday, 13 February 1997 11:47:45 UTC