cookie Port summary

Here's my summary and elaboration of the proposal for restricting ports
in cookies.

Set-Cookie2
1) Syntax:
port-attr	=	"Port" [ "=" <"> 1#port-list <"> ]
port-list	=	decimal-number

Note:  port-attr is, of course, itself optional.

2) Semantics
Reject cookie if there is a port-list and the original connection was
not to a listed port.

Cookie:
1) Syntax:
(Return Port as $Port, with its value as received in Set-Cookie2, if any.)

2) Semantics, based on the Port attribute in Set-Cookie2:
	- default (no Port) behavior:  send cookie to any port
	- "Port" behavior:  send cookie only to port from which it was received
	- "Port=port-list" behavior:  send cookie only to a listed port

Note:  Port rules apply only after the Domain rules make the cookie otherwise
sendable.

Comments?
Dave Kristol

Received on Monday, 24 March 1997 13:22:18 UTC
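
The Port rules summarized in the message above, worked through as an added example that is not part of the original message or of any browser's code. The function names, the dict layout and the sample headers are assumptions made for illustration; Domain matching is assumed to have already succeeded, and a malformed port number simply raises ValueError because the summary does not cover that case.

```python
def parse_port(set_cookie2):
    """Return (kind, ports, raw); kind is 'any', 'origin' or 'list'."""
    # Assumption: no ';' inside quoted values (true for the constructed samples).
    for av in set_cookie2.split(";")[1:]:        # item 0 is NAME=VALUE
        name, sep, value = av.strip().partition("=")
        if name.strip().lower() != "port":
            continue
        if not sep:                              # bare "Port"
            return "origin", frozenset(), "$Port"
        value = value.strip()
        ports = frozenset(int(p) for p in value.strip('"').split(",") if p.strip())
        return "list", ports, "$Port=" + value   # value echoed as received
    return "any", frozenset(), None              # no Port attribute


def accept(set_cookie2, request_port):
    """Set-Cookie2 side: return a stored cookie dict, or None if rejected."""
    kind, ports, raw = parse_port(set_cookie2)
    if kind == "list" and request_port not in ports:
        return None                              # connection was not to a listed port
    pair = set_cookie2.split(";")[0].strip()
    return {"pair": pair, "kind": kind, "ports": ports,
            "origin": request_port, "raw": raw}


def cookie_header(cookie, dest_port):
    """Cookie side: header value to send to dest_port, or None if withheld."""
    if cookie["kind"] == "origin" and dest_port != cookie["origin"]:
        return None                              # "Port": only the receiving port
    if cookie["kind"] == "list" and dest_port not in cookie["ports"]:
        return None                              # "Port=port-list": listed ports only
    return cookie["pair"] + ("; " + cookie["raw"] if cookie["raw"] else "")


if __name__ == "__main__":
    # Constructed sample headers: (Set-Cookie2 value, port the response came from)
    samples = [("sid=abc", 80), ("sid=abc; Port", 8080),
               ('sid=abc; Port="80,8080"', 80), ('sid=abc; Port="80,8080"', 443)]
    for header, port in samples:
        stored = accept(header, port)
        if stored is None:
            print(f"{header!r} from :{port} -> rejected")
            continue
        for dest in (80, 8080, 8000):
            print(f"{header!r} from :{port} -> to :{dest}: {cookie_header(stored, dest)}")
```
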