- From: Yaron Goland <yarong@microsoft.com>
- Date: Mon, 24 Mar 1997 15:59:20 -0800
- To: "'dmk@research.bell-labs.com'" <dmk@research.bell-labs.com>
- Cc: http-wg@cuckoo.hpl.hp.com
AHHHHHHHH.. I understand. Thanks for the clarification. In that case, I
too completely buy off on PORT.

Yaron

> -----Original Message-----
> From: dmk@research.bell-labs.com [SMTP:dmk@research.bell-labs.com]
> Sent: Monday, March 24, 1997 2:50 PM
> To: Yaron Goland
> Cc: http-wg@cuckoo.hpl.hp.com
> Subject: RE: cookie Port summary
>
> Yaron Goland <yarong@microsoft.com> wrote:
>
> > I must be going dense but the section stating "Reject cookie if there is
> > a port-list and the original connection was not to a listed port."
> > confuses me. It sounds like something I agree w/but I'm not clear on
> > what it means.
> >
> > If a set-cookie2 with a port list comes down and is accepted and then a
> > second set-cookie2 comes down, which matches the first cookie, but isn't
> > from the right port, the second set-cookie2 is to be ignored?
>
> Here's the idea:
>
> 1) UA connects to foo.com, port 80.
> 2) Server sends Set-Cookie2: x=y; Port="8000"
> 3) UA rejects the cookie, because port 80, the port for the request,
> does not match any of the ports in the Port= attribute of Set-Cookie2.
>
> Dave Kristol
Received on Monday, 24 March 1997 18:22:02 UTC
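
The port-list rule from the quoted message, as an added example that is not part of the original thread: a user agent check that rejects a `Set-Cookie2` whose `Port` list does not include the port of the request. The function names are hypothetical, the attribute splitting is simplified, and rejecting a malformed port-list is an assumption of this sketch.

```python
import re

# Port attribute of a Set-Cookie2 header: bare `Port` or `Port="n,n,..."`.
_PORT_ATTR = re.compile(r'^port(?:\s*=\s*"?([^"]*)"?)?$', re.IGNORECASE)


def parse_port_list(set_cookie2_value):
    """Return the set of listed ports, or None when there is no port-list."""
    # Skip the leading name=value pair so a cookie named "port" is not
    # mistaken for the attribute. Simplified: assumes no ';' inside quotes.
    for attr in set_cookie2_value.split(";")[1:]:
        m = _PORT_ATTR.match(attr.strip())
        if m is None or m.group(1) is None:
            continue  # other attribute, or bare `Port` with no list
        ports = set()
        for item in m.group(1).split(","):
            item = item.strip()
            if not (item.isascii() and item.isdigit()):
                raise ValueError("malformed port-list: %r" % m.group(1))
            port = int(item)
            if not 0 < port <= 65535:
                raise ValueError("port out of range: %d" % port)
            ports.add(port)
        return ports
    return None


def accept_cookie(request_port, set_cookie2_value):
    """Apply the rule: reject if a port-list exists and omits request_port."""
    try:
        ports = parse_port_list(set_cookie2_value)
    except ValueError:
        return False  # assumption of this sketch: fail closed on bad input
    # No port-list means this particular rule does not apply.
    return ports is None or request_port in ports


if __name__ == "__main__":
    # Constructed inputs; the first is the scenario from the message.
    for port, header in [(80, 'x=y; Port="8000"'),
                         (8000, 'x=y; Port="8000"'),
                         (80, 'x=y; Port="80,8000"'),
                         (80, 'x=y; Path=/')]:
        verdict = "accept" if accept_cookie(port, header) else "reject"
        print(port, header, "->", verdict)
```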