- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 20 Jan 2016 15:34:19 +1100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Patrick McManus <pmcmanus@mozilla.com>, Honza Bambas <hbambas@mozilla.com>, Youenn Fablet <youennf@gmail.com>, Takeshi Yoshino <tyoshino@google.com>, Ryan Sleevi <sleevi@google.com>, Jacob Rossi <Jacob.Rossi@microsoft.com>, Alex Christensen <achristensen@webkit.org>, Edward O'Connor <hober@apple.com>, Ben Kelly <bkelly@mozilla.com>, Nikki Bee <nikkicubed@gmail.com>, www-archive <www-archive@w3.org>
> On 19 Jan 2016, at 8:27 pm, Anne van Kesteren <annevk@annevk.nl> wrote: > > I thought this was important for cookies (that they could not be > combined), but there's nothing in RFC 7230 that supports that. The relevant bit is <http://httpwg.github.io/specs/rfc7230.html#rfc.section.3.2.2> """ Note: In practice, the "Set-Cookie" header field ([RFC6265]) often appears multiple times in a response message and does not use the list syntax, violating the above requirements on multiple header fields with the same name. Since it cannot be combined into a single field-value, recipients ought to handle "Set-Cookie" as a special case while processing header fields. (See Appendix A.2.3 of [Kri2001] for details.) """ It doesn't talk explicitly about Cookie. Reminder - we (the HTTP WG) are talking about re-opening the cookie spec to do surgery; if you have suggestions on improvements (and this might be a good place), see: http://www.w3.org/mid/FAF2C2E8-0A6A-4C34-B4C4-57190AAE118D@mnot.net -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 20 January 2016 04:34:53 UTC