- From: David W. Morris <dwm@xpasc.com>
- Date: Tue, 25 Mar 1997 12:19:03 -0800 (PST)
- To: Dave Kristol <dmk@bell-labs.com>
- Cc: http working group <http-wg@cuckoo.hpl.hp.com>
On Tue, 25 Mar 1997, Dave Kristol wrote:
> David W. Morris wrote:
> >
> > section in the whole document. Why are we requiring UAs to combine
> > the two headers?
> > [...]
> The complaint from some parties was that the NAME=VALUE part of cookies, in
> particular, can be (and already is) quite large. So sending it twice, once
> in Set-Cookie and once in Set-Cookie2 would incur a lot of network traffic.
>
> I agree that sending a completely separate Set-Cookie2 header with its own
> set of values would be much simpler. But the network traffic that results
> was deemed excessive.
I think there are two alternative solutions to mitigate network traffic
for that subset of cookie using application which need to update large
pieces of data:
a. Use out of band informantion such as the User Agent value to decide
which cookie to send
b. Minimize the number of times a cookie is set. Perhaps multiple
cookies with only one needing upate.
c. Restructure the application to maintain more state information
in the server.
d. Once the first cookie is received by the server, it is only
necessary to send one of the two formats. I would speculate that
some percentage of large cookie values are related to shopping
basket usage and only get large in the course of multiple
interactions.
The combinatorial rules are difficult and must be implemented to some
degree by both the server and the client. In addition, they are in
support of a transition interval. I think they should be dropped in the
interest of simplicity.
Dave Morris
Received on Tuesday, 25 March 1997 12:21:50 UTC