- From: Matthew Cox <macox@microsoft.com>
- Date: Fri, 3 Jun 2016 16:31:56 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Received on Friday, 3 June 2016 16:32:32 UTC
We noticed that the host-only-flag behavior is different in most browsers vs the RFC, and I'd like to get this updated with new work being done on the cookie RFC. Given these two headers in a response from a request to http://contoso.com/: Set-Cookie: mycookie=nothostonly; domain=contoso.com Set-Cookie: mycookie=hostonly You would expect one cookie based on RFC 6265 section 5.3 where the cookie is defined by the name, domain, and path. However, most browsers will create two cookies since they take host-only-flag into account when looking up/creating a cookie. Based on this I'd like to update section 5.3 and 4.1.2 to add host-only-flag to the list of properties that make a unique cookie in the store. What's the best way to get this added? Should I create an issue in GitHub? Thanks, Matthew
Received on Friday, 3 June 2016 16:32:32 UTC