Re: draft-ietf-http-state-man-mec-03: $Version and path from Gisle Aas on 1997-09-19 (ietf-http-wg@w3.org from July to September 1997)

From: Gisle Aas <aas@bergen.sn.no>
Date: 19 Sep 1997 11:59:27 +0200
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <hlo0tk4jk.fsf@bergen.sn.no>

dmk@research.bell-labs.com (Dave Kristol) writes:

> Gisle Aas <aas@bergen.sn.no> wrote on Mon, 15 Sep 1997 21:41:31 +0200:
> 
>   > I have tried to implement support for cookies in libwww-perl based on
>   > draft-ietf-http-state-man-mec-03.txt and have trouble finding answers
>   > to the following two questions.
>   > 
>   >   1) What to do for "Cookie: $Version=?" if the matching "Set-Cookie2"
>   >      fields have different value of their Version attributes?  What if
>   >      you have a mix of old "Set-Cookie" and "Set-Cookie2" fields that
>   >      match.
> 
> Think of sending separate Cookie headers for each Set-Cookie[2].  The
> $Version you send with each Cookie header corresponds to the one you
> received in the Set-Cookie[2] for that cookie.  So a $Version applies
> to all cookie-value's that follow it lexically in a Cookie header.

or just use "," as separator before a new $Version attribute?

  Cookie: $Version=1; foo=bar; $Path="/foo", $Version=2; foo=bar

>   >   2) Can the path attribute contain URL escapes (%XX) as substitues for
>   >      the "real" chars?
>   >      Does '"Set-Cookie2: ...;  Path="/foo%2f%62ar"' match for a URL
>   >      like http://www/%66oo/bar?   If not, what are the rules?
> 
> You are correct that the specification does not say.  It should.
> Should we allow/require the value for the Path attribute to be
> URL-encoded?

what I have done now is to let URL-encoded chars and unencoded chars
match and then let "%2F" and "/" be the exception.  Perhaps ";" should
be special too?

I have another question.  draft-ietf-http-state-man-mec-03 says:

| If multiple cookies satisfy the criteria above, they are ordered in the
| Cookie header such that those with more specific Path attributes precede
| those with less specific.  Ordering with respect to other attributes
| (e.g., Domain) is unspecified.

First of all I don't understand why you want to impose this order.
Can you comment on that?

Does this apply to cookies both with a specified and a default path?
Does paths belonging to different domains have to be ordered by most
specific path?

Consider these:

  Set-Cookie2: foo=bar1; Path="/foo"; Domain="www.acme.com"; Version=1
  Set-Cookie2: foo=bar2; Path="/foo/bar"; Domain=".acme.com"; Version=1
  Set-Cookie2: foo=bar3; Version=1; (response from http://www.acme.com/foo/bar/baz/)

and a request for

  http://www.acme.com/foo/bar/baz/x.html

Does the order have to be

  Cookie: $Version=1;
             foo=bar3;
             foo=bar2; $Path="/foo/bar"; $Domain=".acme.com";
             foo=bar1; $Path="/foo"; $Domain="www.acme.com"

or is it unspecified (which I hope :-)?

Regards,
Gisle

Received on Friday, 19 September 1997 03:04:29 UTC