- From: Mike West <mkwst@google.com>
- Date: Tue, 21 Jun 2016 14:42:04 +0200
- To: Matthew Cox <macox@microsoft.com>, Mark Nottingham <mnot@mnot.net>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAKXHy=fOvttjSo4v1iusKcpQ1=-OuFLJKvQEPmtKHjAXYC-dnA@mail.gmail.com>
On Fri, Jun 3, 2016 at 6:31 PM, Matthew Cox <macox@microsoft.com> wrote: > We noticed that the host-only-flag behavior is different in most browsers > vs the RFC, and I’d like to get this updated with new work being done on > the cookie RFC. > > > > Given these two headers in a response from a request to > http://contoso.com/: > > > > Set-Cookie: mycookie=nothostonly; domain=contoso.com > > Set-Cookie: mycookie=hostonly > > > > You would expect one cookie based on RFC 6265 section 5.3 where the cookie > is defined by the name, domain, and path. > > > > However, most browsers will create two cookies since they take > host-only-flag into account when looking up/creating a cookie. > > > > Based on this I’d like to update section 5.3 and 4.1.2 to add > host-only-flag to the list of properties that make a unique cookie in the > store. > This seems like a reasonable change to me, and I believe it matches Chrome's existing behavior. > What’s the best way to get this added? Should I create an issue in GitHub? > I'd say file an issue against https://github.com/httpwg/http-extensions/issues; not sure if this is a substantial enough change to require more than that. Mark? -mike -mike On Fri, Jun 3, 2016 at 6:31 PM, Matthew Cox <macox@microsoft.com> wrote: > We noticed that the host-only-flag behavior is different in most browsers > vs the RFC, and I’d like to get this updated with new work being done on > the cookie RFC. > > > > Given these two headers in a response from a request to > http://contoso.com/: > > > > Set-Cookie: mycookie=nothostonly; domain=contoso.com > > Set-Cookie: mycookie=hostonly > > > > You would expect one cookie based on RFC 6265 section 5.3 where the cookie > is defined by the name, domain, and path. > > > > However, most browsers will create two cookies since they take > host-only-flag into account when looking up/creating a cookie. > > > > Based on this I’d like to update section 5.3 and 4.1.2 to add > host-only-flag to the list of properties that make a unique cookie in the > store. > > > > What’s the best way to get this added? Should I create an issue in GitHub? > > > > Thanks, > > > > Matthew > > >
Received on Tuesday, 21 June 2016 12:42:54 UTC