
Re: Comments on the new cookie draft

From: David W. Morris <dwm@xpasc.com>
Date: Mon, 24 Feb 1997 14:04:02 -0800 (PST)
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SOL.3.95.970224132643.24659E-100000@shell1.aimnet.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/2550

On Mon, 24 Feb 1997, Dave Kristol wrote:

> "David W. Morris" <dwm@xpasc.com> wrote on Fri, 21 Feb 1997 20:03:02 -0800 (PST):
>   > [among other things...]
>   > NOW given that we seem to need a new header for the new cookie format,
>   > could we PLEASE add the ability to mark cookies as both expiring AND NEVER
>   > stored on disk?  In that case, the cookie expires the earlier of
>   > expiration time or when the client shuts down.
> While I have no objections to this idea, it's the first time I can
> remember its being expressed here.  Did I miss it?

No, I believe you and I discussed the concept briefly at the last IETF but
I believe we concluded it was a future change because of timing and
compatibility concerns between original and 'new' cookies. I brought it up
now because it looked like a new header was needed for setcookie to
resolve other issues so perhaps there was a window of opportunity here.

> Want to suggest a syntax?

sure ... 

add a line to the definition of 'cookie-av':

         | "Nopersist"

defined as:
       Optional. The Nopersist attribute requires that the cookie never be
       retained beyond the lifetime of the current executing instance of
       the user agent. Nopersist is the default when the Max-age attribute
       is not specified. When Nopersist and Max-age are specified, the
       cookie's lifetime should be the lesser of the two requirements.

I have no particular affinity for "Nopersist" ... another attribute
name would be fine. I didn't include the "don't write to disk" phrase
because the "never be retained" requirement is difficult to meet in the
face of a system failure and restart and in the end my concern is not
security of the data but rather a consistent state model for the www

Dave Morris
Received on Monday, 24 February 1997 14:09:33 UTC
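
Added example, not part of the original message or of any cookie draft: a minimal Python sketch of the lifetime rule proposed above, where a cookie lives for the lesser of Max-age and the current user agent instance, and Nopersist is the default when Max-age is absent. The `UserAgent` class, its memory/disk split, and the simplified attribute parser are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class Cookie:
    name: str
    value: str
    expires_at: Optional[float]  # absolute expiry derived from Max-age, None if absent
    nopersist: bool              # True if set explicitly or defaulted (no Max-age)

def parse_cookie(header_value: str, now: float) -> Cookie:
    """Parse 'NAME=VALUE; av; av' (simplified: no quoted strings, one cookie)."""
    first, *attrs = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    max_age, nopersist = None, False
    for av in attrs:
        key, _, val = av.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            max_age = int(val.strip())
        elif key == "nopersist":
            nopersist = True
    if max_age is None:
        nopersist = True  # proposal: Nopersist is the default without Max-age
    expires_at = None if max_age is None else now + max_age
    return Cookie(name.strip(), value.strip(), expires_at, nopersist)

class UserAgent:
    """Hypothetical user agent: `disk` survives restart(), `memory` does not."""
    def __init__(self, disk: Optional[Dict[str, Cookie]] = None):
        self.disk = {} if disk is None else disk
        self.memory: Dict[str, Cookie] = {}

    def store(self, cookie: Cookie) -> None:
        keep, drop = (self.memory, self.disk) if cookie.nopersist else (self.disk, self.memory)
        drop.pop(cookie.name, None)  # a replacement must not leave a stale copy
        keep[cookie.name] = cookie

    def get(self, name: str, now: float) -> Optional[str]:
        c = self.memory.get(name) or self.disk.get(name)
        if c is None or (c.expires_at is not None and now >= c.expires_at):
            return None  # Max-age bound reached, or cookie unknown
        return c.value

    def restart(self) -> "UserAgent":
        return UserAgent(disk=self.disk)  # new instance: memory-only cookies are gone
```
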
