Re: HTTPOnly Cookies Specification

On Fri, 21 Nov 2008, Dan Winship wrote:

> What would really be useful would be for someone to pull an HTML5 on 
> cookies, documenting how they are actually parsed (ie, not like the Netscape 
> spec or either RFC says), how the path and domain parameters are actually 
> used (ie, not like the Netscape spec or either RFC says), etc.

Such a "someone" would preferably come from one of the major browsers' camps 
then as they should have the best knowledge about how this truly works. 
However that would also bring up a fair amount of interepretation issues and 
differences between the browsers and it will not be an easy task to write a 
docs with _single_ "how they are actually done" explanation.

Doing a HTTPOnly spec without properly putting that into its proper place in 
the entire cookie handling landscape seems like work bordering to useless to 
me.

As author of an HTTP library with cookie handling (including HTTPOnly) I would 
be very interested in seeing this complete doc so that I can make sure my work 
interoperate as good as possible.

-- 

  / daniel.haxx.se

Received on Saturday, 22 November 2008 15:55:30 UTC