- From: Dave Kristol <dmk-http@kristol.org>
- Date: Thu, 14 Aug 2008 11:47:54 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 08/13/2008 04:07 PM, Julian Reschke wrote:
>
> Julian Reschke wrote:
>>
>> Hi.
>>
>> It seems to me that we really should open a separate issue (*) for
>> this one, so that it doesn't get lost.
>> ...
>
> Opened as <http://tools.ietf.org/wg/httpbis/trac/ticket/129>.

Regarding this comment:

(That nobody implements RFC2109 is implied in RFC2965, which obsoletes RFC2109 and in section 9 talks about using Set-Cookie2 alongside Netscape style Set-Cookies, not mentioning RFC2109 style Set-Cookies. I think this reflects the observation at the time that the change of Set-Cookie syntax promoted in RFC2109 wasn't taken up, probably because it's not backward compatible.)

I wrote a paper that describes the standardization process for cookies in excruciating detail. You can get it at <http://arxiv.org/abs/cs.SE/0105018>. I'll refer to some of its sections below.

Appendix section A.2, particularly A.2.3, discusses the problem of "folding" multiple Cookie headers, that is, the problem of "," and ";" separators. I suspect (but have no proof) that, in self-defense, current clients and servers treat Cookie as a special case and are careful to send each cookie in its own header, rather than merge them.

Appendix B describes where Set-Cookie2 came from. It had nothing to do with "," vs. ";", at least originally. Work on what became RFC 2965 began shortly after RFC 2109 came out, to fix an incompatibility we found. That work began well before RFC 2109 would have had any time to be adopted. The long time gap between RFC 2109 and RFC 2965 arose from other factors. See section 4.3.3.

It was certainly our goal (see section 4.3) to introduce upward- (or is it downward- ?) compatible changes, though we had to deal with the hand that Netscape's specification dealt us. We obviously didn't succeed.

Dave Kristol
Received on Thursday, 14 August 2008 15:48:34 UTC