On Mon, Mar 7, 2016 at 4:37 AM, Daniel Stenberg <daniel@haxx.se> wrote: > On Mon, 7 Mar 2016, Mike West wrote: > > I'm confused. Are there clients that process things in the reverse order >> from what RFC6265 lays out? >> > > I'm sure there are several. The curl one just happens to be the one I know > the best. > > I mean, according to the algorithm I quoted in the previous response, >> `Priority=Low; favcolor=blue` _is_ a cookie named `Priority`. Just like >> `Max-Age=1; favcolor=blue` is a cookie named `Max-Age` today. I think >> that's the way browsers process cookies today. Does `curl` do things >> differently? >> > > It does! It basically detects a set of names used for properties and > treats the first unknown name value pair on the header as the cookie name, > in a left-to-right order on the header. > > (I'm not suggesting it is a "proper" or "good" implementation, just that > it works with the vast majority of sites using cookies and it was written > long before we created RFC 6265 and I guess nobody felt the need to update > it since to that aspect.) It might be worth improving the libcurl implementation to match RFC6265. The vast majority of user agents using the parsing approach described in RFC6265. Having a hard-coded list of attribute names makes it (even more) difficult to extend and improve cookies over time. Regardless of what you think of this particular extension, I think most people would agree that extensibility in protocols is valuable. Adam
Received on Monday, 7 March 2016 17:14:22 UTC