Re: Proposal: Cookie Priorities

On Mon, Mar 7, 2016 at 10:53 AM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Mon, 7 Mar 2016, Mike West wrote:
>
> What happens to cookies that are actually called 'Priority' ?
>>>
>>
>> Like cookies named "HttpOnly" or "MaxAge", this is handled by step 1 of
>> https://tools.ietf.org/html/rfc6265#section-5.2, which splits the cookie
>> string on the first ';' into the name/value pair, and the set of attributes.
>>
>
> IOW: they'll stop working or get mixed up since we can't tell them apart?
>

We can tell them apart when we're parsing the cookie string. I'll explain
in more detail below, but I think you can convince yourself by sending a
`Set-Cookie: Priority=HUGE; Priority=High` header to Chrome and examining
the cookie jar.


> Or am I missing some subtlety?


Consider a `Set-Cookie` header whose value is `Priority=HUGE;
Priority=High`, which I think is what you're worried about.

Step 1 of the algorithm in https://tools.ietf.org/html/rfc6265#section-5.2
splits that string into a `name-value-pair` consisting of "Priority=HUGE",
and an `unparsed-attributes` of `; Priority=High`.

Steps 3-6 set the cookie's `cookie-name` to "Priority" and `cookie-value`
to "HUGE".

Then the second part of that algorithm parses `unparsed-attributes` to
extract an attribute named "Priority" with a value of "High".

-mike

Received on Monday, 7 March 2016 10:10:43 UTC