W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: Set-Cookie vs list header parsing (i129)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 21 Aug 2008 10:17:58 +0200
Message-ID: <48AD24B6.2060904@gmx.de>
To: Dan Winship <dan.winship@gmail.com>
CC: ietf-http-wg@w3.org

Julian Reschke wrote:
> Dan Winship wrote:
>> Julian Reschke wrote:
>>> To be complete we would also need to cite the original spec
>>> (<http://www.netscape.com/newsref/std/cookie_spec.html>, 404s...). We
>>> already have three cookie-related references; enough is enough, isn't 
>>> it?
>> Well, but that one is more worth citing than some of the others, since
>> it's pretty much what people actually implement in practice.
> It's indirectly referenced through RFC2965, which now has an erratum 
> pointing out the backup URL (thanks, Daniel) -- see 
> <http://www.rfc-editor.org/errata_search.php?rfc=2965>.
>>> The currently proposed text is at:
>>> <http://www3.tools.ietf.org/wg/httpbis/trac/attachment/ticket/129/i129.diff> 
>> AFAIK, the problem is only with "Set-Cookie", not "Cookie". (There's no
>> need to send multiple Cookie headers; the spec says you're supposed to
>> include all of the cookies, semicolon-delimited, in a single Cookie 
>> header.)
> OK, see 
> <http://www3.tools.ietf.org/wg/httpbis/trac/attachment/ticket/129/i129.3.diff>. 
> ...

For now, I have submitted the change, and closed the issue (see 

The new text now states:

       Note: the "Set-Cookie" header as implemented in practice (as
       opposed to how it is specified in [RFC2109]) can occur multiple
       times, but does not use the list syntax, and thus cannot be
       combined into a single line.  (See Appendix A.2.3 of [Kri2001] for
       details.)  Also note that the Set-Cookie2 header specified in
       [RFC2965] does not share this problem.

BR, Julian
Received on Thursday, 21 August 2008 08:18:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:37 UTC