- From: Lou Montulli <montulli@strumpet.mcom.com>
- Date: Mon, 03 Mar 1997 22:13:24 -0800
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: masinter@parc.xerox.com, http-wg@cuckoo.hpl.hp.com
Dave Kristol wrote: > > Larry Masinter <masinter@parc.xerox.com> wrote: > > Can someone please write a short, self-contained > > description of what in RFC 2109 is technically "broken"? > > Why it is that vendors can't just implement the "proposed > > standard" as a hotfix or patch or in their next release? > > See draft-ietf-http-state-mgmt-errata-00.txt. The relevant section > [edited by me for this email] says: > > Microsoft Internet Explorer (MSIE) Version 3 and earlier will > fail to handle some cookies that use this specification. For > example, if a server sends the following response header to MSIE V3 > (omitting the line breaks): > > Set-cookie: xx="1=2&3-4"; > Comment="blah"; > Version=1; Max-Age=15552000; Path=/; > Expires=Sun, 27 Apr 1997 01:16:23 GMT > > then MSIE V3 will send something like the following request header > next time: > > Cookie: Max-Age=15552000 > > instead of [what Netscape's implementation would have returned]: > > Cookie: xx="1=2&3-4" > I thought the problem was that MSIE would send back _both_ cookie: xx="1=2&3-4"; Max-Age=15552000 If that's the case, why can't we just note that in the spec and tell implementors to ignore any cookies named "max-age"? Since it will only effect people who try to use the new spec they can deal with the problem gracefully. :lou
Received on Monday, 3 March 1997 22:17:55 UTC