- From: Dave Kristol <dmk@bell-labs.com>
- Date: Sat, 1 Mar 1997 17:58:45 -0500
- To: Koen Holtman <koen@win.tue.nl>
- Cc: http-wg@cuckoo.hpl.hp.com
At 9:01 PM +0100 3/1/97, Koen Holtman wrote:
>[...]
>>I've spent some time this afternoon trying to work through the cookie
>>spec to change over to a new header (Set-Cookie2). I'd like to remove
>>two warts in the syntax for the Cookie header:
>
>I'd prefer it if you do not make any cosmetic changes to the syntax of
>the Cookie header at this point.
>
>Also, I prefer not to have a Cookie2 header. You can be compatible
>with old servers even if you do not have it.
You can, but it is much messier, I think.
>
>I think the following compatibility scheme is optimal.
>[cases omitted]
The messy part is for a SMG ("new cookie") aware server to distinguish an
old from a new cookie, and it must be able to do so, because it doesn't
know, a priori, what the user agent is going to do when it (UA) gets both
Set-Cookie and Set-Cookie2. Making it possible to distinguish the
responses imposes some warts on the server-side processing. If there were
a Cookie2 header, it becomes trivially easy to tell them apart, and the
specification for Cookie2 can be much cleaner.
Dave Kristol
Received on Saturday, 1 March 1997 15:03:16 UTC