- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Mon, 24 Mar 97 11:26:27 EST
- To: http-wg@cuckoo.hpl.hp.com
Here's my summary and elaboration of the proposal for restricting ports in cookies. Set-Cookie2 1) Syntax: port-attr = "Port" [ "=" <"> 1#port-list <"> ] port-list = decimal-number Note: port-attr is, of course, itself optional. 2) Semantics Reject cookie if there is a port-list and the original connection was not to a listed port. Cookie: 1) Syntax: (Return Port as $Port, with its value as received in Set-Cookie2, if any.) 2) Semantics, based on the Port attribute in Set-Cookie2: - default (no Port) behavior: send cookie to any port - "Port" behavior: send cookie only to port from which it was received - "Port=port-list" behavior: send cookie only to a listed port Note: Port rules apply only after the Domain rules make the cookie otherwise sendable. Comments? Dave Kristol
Received on Monday, 24 March 1997 13:22:18 UTC