Re: errata for cookie spec

Dave Kristol:
>
>  > Two small comments on the errata:
>  > 
>  > 1. The section `Compatibility with MS's implementation' states the problem,
>  > but no solution.  I'd prefer it if you append something like
>  > 
>  >  Therefore, servers should be careful in sending complex cookies that use
>  >  this specification to legacy HTTP/1.0 user agents.  If an unknown HTTP/1.0
>  >  user agent is encountered, a server can determine its compatibility with
>  >  this specification by first returning a response which sets a simple
>  >  non-persistent cookie, and then examining the cookie header of any
>  >  subsequent request.
>
>Okay, but....  Because the cookie spec. is separable from HTTP/1.1, and
>because it will become a standard after HTTP/1.1, there's no assurance
>that even HTTP/1.1 user agents will follow this spec.

Yes, but we only need assurance that HTTP/1.1 agents won't have non-tolerant
cookie header parsers if they follow netscape's spec.  If I understand the
situation correctly, MS will fix their parser in the next release, so they
won't release a 1.1 agent with a non-tolerant parser.

I can't guarantee that there won't be 1.1 agents with non-tolerant parsers,
but it seems a reasonably safe bet.

>  So it might be
>wise to avoid reference to HTTP/1.0.

Maybe.  Feel free to change my suggested text if you think it can be
improved.

>Also, what exactly do you mean by "unknown HTTP/1.0 user agent"?

An agent for which the compatibility level is not known.

I guess my text tries to say too many things with too little words. Please
expand it to make it readable.

>Dave Kristol

Koen.

Received on Friday, 14 February 1997 00:35:10 UTC