- From: Lisa Dusseault <lisa@xythos.com>
- Date: Sun, 15 Sep 2002 11:13:50 -0700
- To: "Webdav WG" <w3c-dist-auth@w3c.org>
RFC 2518 is silent on cookies. It requires support for RFC2068 (now RFC2616), but does not reference the HTTP Cookie RFC (RFC 2965). Some WebDAV servers, however, rely on setting cookies to keep a session for an unauthenticated user. For Basic authentication, cookies can vastly reduce the number of times a nearly-clear-text password is sent over the network, so cookies can make the interaction more secure. Session cookies are less secure than Digest authentication, however servers with low security requirements and high performance requirements may prefer to use cookies. In addition to being used for keeping sessions, cookies may be used to keep track of other client preferences (this is theoretical as I do not know of any actual examples). Thus, it was proposed that RFC2518 bis reference RFC2965, and say that "clients SHOULD support cookies". Discuss? Lisa
Received on Sunday, 15 September 2002 14:14:37 UTC