Here's my summary and elaboration of the proposal for restricting ports in cookies. Set-Cookie2 1) Syntax: port-attr = "Port" [ "=" <"> 1#port-list <"> ] port-list = decimal-number Note: port-attr is, of course, itself optional. 2) Semantics Reject cookie if there is a port-list and the original connection was not to a listed port. Cookie: 1) Syntax: (Return Port as $Port, with its value as received in Set-Cookie2, if any.) 2) Semantics, based on the Port attribute in Set-Cookie2: - default (no Port) behavior: send cookie to any port - "Port" behavior: send cookie only to port from which it was received - "Port=port-list" behavior: send cookie only to a listed port Note: Port rules apply only after the Domain rules make the cookie otherwise sendable. Comments? Dave KristolReceived on Monday, 24 March 1997 13:22:18 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:01 UTC