Re: Delete-Cookie header?? from Yoav Weiss on 2025-02-24 (ietf-http-wg@w3.org from January to March 2025)

From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Mon, 24 Feb 2025 11:25:01 +0100
To: Anne van Kesteren <annevk@annevk.nl>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Patrick Meenan <patmeenan@gmail.com>, Steven Bingler <bingler@google.com>, רועי ברקאי <roybarkayyosef@gmail.com>, Watson Ladd <watsonbladd@gmail.com>, Yoav Weiss <yoav@yoav.ws>, Rory Hewitt <rory.hewitt@gmail.com>, Daniel Stenberg <daniel@haxx.se>, Colin Bendell <colin.bendell@shopify.com>
Message-ID: <CALYmMadBT++Bhb=UBm1Yn2-d89995rh0ARAxr8oggyaYtRh+Ag@mail.gmail.com>

On Mon, Feb 24, 2025 at 11:17 AM Anne van Kesteren <annevk@annevk.nl> wrote:

>
> On 24. Feb 2025, at 9:33 AM, Yoav Weiss <yoav.weiss@shopify.com> wrote:
>
> I (belatedly) whipped together an I-D for this:
> https://yoavweiss.github.io/delete-cookie/draft-deletecookie-weiss-http.html
>
>
> One aspect the draft does not go into is that the value space of a cookie
> name is wider than SFV token.
>

Interesting! Is that because a `Set-Cookie` takes in an HTTP token
<https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2> as its name?

In particular when we look at the cookies that can be created, not just
> those servers should create. E.g., a cookie can be named <blah> (including
> the angle brackets), but you cannot delete that cookie with this proposal.
>

Received on Monday, 24 February 2025 10:25:17 UTC