Re: RFC6265bis status from Matthew Kerwin on 2016-10-05 (ietf-http-wg@w3.org from October to December 2016)

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Thu, 6 Oct 2016 06:43:29 +1000
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Daniel Stenberg <daniel@haxx.se>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-ID: <CACweHNCN-u2vLg3whMne=0P1tep53K3nWHqiSSuD9sMA5JuSvw@mail.gmail.com>

On 6 October 2016 at 03:05, Daniel Veditz <dveditz@mozilla.com> wrote:

> On Tue, Oct 4, 2016 at 10:59 PM, Daniel Stenberg <daniel@haxx.se> wrote:
>
>   https://curl.haxx.se/mail/lib-2016-09/0103.html
>>
>> The two points being:
>>  1 - Are they two cookies or one?
>>
>
> Those are clearly two different cookies. The one set without a domain is
> a "host" cookie and will only be returned to httpbin.org. The one with
> the .httpbin.org domain would also be returned to www.httpbin.org,
> foo.httpbin.org, etc.
>
>
But you can make them both domain cookies:
http://httpbin.org/response-headers?Set-Cookie=foo=bar;domain=.httpbin.org&Set-Cookie=foo=qux;domain=httpbin.org

... which then, presumably, makes them identical, so it's the usual
last-one-wins? That seems to be how the httpbin.org server treats it,
anyway.

Cheers
-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/

Received on Wednesday, 5 October 2016 20:43:59 UTC