- From: Daniel Brotsky <dbrotsky@adobe.com>
- Date: Tue, 11 Sep 2001 12:54:16 -0700
- To: "Webdav WG" <w3c-dist-auth@w3c.org>
At 9:36 AM -0700 9/7/01, Lisa Dusseault wrote:
>There's a minor inconsistency in 2518: the spec says that the successful
>response to a LOCK request creating a new lock MUST contain the "Lock-Token"
>header (Section 8.10.1). However, the example shortly after (section
>8.10.8) does not contain that header -- instead, it shows the lock token in
>the body.
>
>Most clients seem to pull the lock token out of the body; does that mean the
>header isn't required?
Actually I think it's just an erratum in the example (which was
prepared before the lock-token: header requirement went into the
spec). There has been ample prior discussion of this on the list
(and I thought there was actually an issue about it): summary is
that, in general (including non-exclusive locks), it's impossible for
a client to determine from the body which lock token was granted. So
the lock-token: header *is* required.
Isn't there also an issue on the list saying that the lock-token
should be required with UNLOCK? There's the same problem there with
specifying which token to UNLOCK when a client owns multiple locks on
a resource.
I believe most clients currently look at the body to determine the
token only because they have to :^). Many olders servers (such as
IIS 5.0) didn't return lock-token: headers.
dan
--
Daniel Brotsky, Adobe Systems
tel 408-536-4150, pager 877-704-4062
2-way pager email: <mailto:page-dbrotsky@adobe.com>
Received on Tuesday, 11 September 2001 15:59:34 UTC