- From: Koen Holtman <koen@win.tue.nl>
- Date: Mon, 24 Mar 1997 23:13:46 +0100 (MET)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: http-wg@cuckoo.hpl.hp.com

Dave Kristol:
>
>Here's my summary and elaboration of the proposal for restricting ports
>in cookies.
[...]
>Comments?

This works for me.

With a little more work the default could be made more secure (i.e. only send to the port it came from) in the pure `new cookie' case. But we are probably stuck with the `send to all ports' default when being compatible with `old cookies' sent in a Set-Cookie without a Set-Cookie2. Some existing sites which continue sessions on secure pages will rely on this less-secure default, I think.

>Dave Kristol

Koen.

Received on Monday, 24 March 1997 14:16:39 UTC