W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 1997

cookie Port summary

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 24 Mar 97 11:26:27 EST
Message-Id: <9703241626.AA29992@zp>
To: http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/2852 
Here's my summary and elaboration of the proposal for restricting ports
in cookies.

Set-Cookie2
1) Syntax:
port-attr	=	"Port" [ "=" <"> 1#port-list <"> ]
port-list	=	decimal-number

Note:  port-attr is, of course, itself optional.

2) Semantics
Reject cookie if there is a port-list and the original connection was
not to a listed port.

Cookie:
1) Syntax:
(Return Port as $Port, with its value as received in Set-Cookie2, if any.)

2) Semantics, based on the Port attribute in Set-Cookie2:
	- default (no Port) behavior:  send cookie to any port
	- "Port" behavior:  send cookie only to port from which it was received
	- "Port=port-list" behavior:  send cookie only to a listed port

Note:  Port rules apply only after the Domain rules make the cookie otherwise
sendable.

Comments?
Dave Kristol
Received on Monday, 24 March 1997 13:22:18 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:01 UTC