Re: Proposal: Cookie Priorities from Mike West on 2016-03-07 (ietf-http-wg@w3.org from January to March 2016)

From: Mike West <mkwst@google.com>
Date: Mon, 7 Mar 2016 11:09:50 +0100
To: Daniel Stenberg <daniel@haxx.se>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Samuel Huang <huangs@google.com>, Mark Nottingham <mnot@mnot.net>
Message-ID: <CAKXHy=fTSzgYJaj8P7HkofzKfhx-JEt8SJkxriz8dqmM99Tb_g@mail.gmail.com>

On Mon, Mar 7, 2016 at 10:53 AM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Mon, 7 Mar 2016, Mike West wrote:
>
> What happens to cookies that are actually called 'Priority' ?
>>>
>>
>> Like cookies named "HttpOnly" or "MaxAge", this is handled by step 1 of
>> https://tools.ietf.org/html/rfc6265#section-5.2, which splits the cookie
>> string on the first ';' into the name/value pair, and the set of attributes.
>>
>
> IOW: they'll stop working or get mixed up since we can't tell them apart?
>

We can tell them apart when we're parsing the cookie string. I'll explain
in more detail below, but I think you can convince yourself by sending a
`Set-Cookie: Priority=HUGE; Priority=High` header to Chrome and examining
the cookie jar.

> Or am I missing some subtlety?

Consider a `Set-Cookie` header whose value is `Priority=HUGE;
Priority=High`, which I think is what you're worried about.

Step 1 of the algorithm in https://tools.ietf.org/html/rfc6265#section-5.2
splits that string into a `name-value-pair` consisting of "Priority=HUGE",
and an `unparsed-attributes` of `; Priority=High`.

Steps 3-6 set the cookie's `cookie-name` to "Priority" and `cookie-value`
to "HUGE".

Then the second part of that algorithm parses `unparsed-attributes` to
extract an attribute named "Priority" with a value of "High".

-mike

Received on Monday, 7 March 2016 10:10:43 UTC