- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Mon, 24 Mar 97 17:50:22 EST
- To: yarong@microsoft.com
- Cc: http-wg@cuckoo.hpl.hp.com
Yaron Goland <yarong@microsoft.com> wrote: > I must be going dense but the section stating "Reject cookie if there is > a port-list and the original connection was not to a listed port." > confuses me. It sounds like something I agree w/but I'm not clear on > what it means. > > If a set-cookie2 with a port list comes down and is accepted and then a > second set-cookie2 comes down, which matches the first cookie, but isn't > from the right port, the second set-cookie2 is to be ignored? Here's the idea: 1) UA connects to foo.com, port 80. 2) Server sends Set-Cookie2: x=y; Port="8000" 3) UA rejects the cookie, because port 80, the port for the request, does not match any of the ports in the Port= attribute of Set-Cookie2. Dave Kristol
Received on Monday, 24 March 1997 14:55:16 UTC