- From: David W. Morris <dwm@xpasc.com>
- Date: Fri, 21 Mar 1997 22:20:52 -0800 (PST)
- To: http working group <http-wg@cuckoo.hpl.hp.com>
On Fri, 21 Mar 1997, M. Hedlund wrote:
> On Fri, 21 Mar 1997, Yaron Goland wrote:
> > We can
> > define an attribute "PORT", with no argument. If it is included in a
> > cookie then the cookie may only be returned on the port it was received
> > on, this requirement applies to all domains.
>
> That sounds right.
An alternative ... a PORT attribute whose value is a comman delimited list
of ports on which the cookie may be returned. If the PORT attribute is
omitted, any port is valid. If the value of the PORT attribute is NULL,
then as Yaron suggested, it may only be sent to the port it was received
from. This allows it to be very tight while not excluding a value like
port="80,443"
which would allow sharing beteen the default HTTP and HTTPS ports.
Note: While I am proposing a mechanism to resolve an issue, I don't share
the concern so I will be happy with any solution which allows sharing
between ports.
Dave Morris
Received on Friday, 21 March 1997 22:21:59 UTC