Re: The state of cookies
Lou Montulli (montulli@strumpet.mcom.com)
Mon, 03 Mar 1997 22:13:24 -0800
Dave Kristol wrote:
>
> Larry Masinter <masinter@parc.xerox.com> wrote:
> > Can someone please write a short, self-contained
> > description of what in RFC 2109 is technically "broken"?
> > Why it is that vendors can't just implement the "proposed
> > standard" as a hotfix or patch or in their next release?
>
> See draft-ietf-http-state-mgmt-errata-00.txt. The relevant section
> [edited by me for this email] says:
>
> Microsoft Internet Explorer (MSIE) Version 3 and earlier will
> fail to handle some cookies that use this specification. For
> example, if a server sends the following response header to MSIE V3
> (omitting the line breaks):
>
> Set-cookie: xx="1=2&3-4";
> Comment="blah";
> Version=1; Max-Age=15552000; Path=/;
> Expires=Sun, 27 Apr 1997 01:16:23 GMT
>
> then MSIE V3 will send something like the following request header
> next time:
>
> Cookie: Max-Age=15552000
>
> instead of [what Netscape's implementation would have returned]:
>
> Cookie: xx="1=2&3-4"
>
I thought the problem was that MSIE would send back _both_
cookie: xx="1=2&3-4"; Max-Age=15552000
If that's the case, why can't we just note that in the
spec and tell implementors to ignore any cookies named
"max-age"? Since it will only affect people who try
to use the new spec they can deal with the problem gracefully.
:lou
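
The workaround suggested in this message, sketched as a server-side Cookie header parser. This is an added example, not part of the original post or of any vendor's code; the names `IGNORED_NAMES`, `split_pairs` and `parse_cookie_header` are hypothetical, and the sample header values are the ones quoted in the thread.

```python
# Assumption: the server receives the raw value of the Cookie request header
# and wants to discard any pair whose name is "max-age" (case-insensitive),
# as proposed above. Backslash escapes inside quoted strings are not handled.
IGNORED_NAMES = {"max-age"}


def split_pairs(header_value):
    """Split on ';' but never inside a double-quoted value."""
    parts, buf, in_quotes = [], [], False
    for ch in header_value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ';' and not in_quotes:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cookie_header(header_value, ignored=IGNORED_NAMES):
    """Return (cookies, dropped): accepted name/value pairs and ignored pairs."""
    cookies, dropped = {}, []
    for pair in split_pairs(header_value):
        # Split on the first '=' only, so xx="1=2&3-4" keeps its full value.
        name, sep, value = pair.partition('=')
        name = name.strip()
        if not sep or not name:
            continue  # malformed pair, skip it
        if name.lower() in ignored:
            dropped.append(pair)  # attribute echoed back as a cookie name
            continue
        cookies[name] = value.strip()  # quotes are kept as sent
    return cookies, dropped


if __name__ == "__main__":
    # Both variants described in the thread.
    for sample in ('xx="1=2&3-4"; Max-Age=15552000', 'Max-Age=15552000'):
        print(sample, '->', parse_cookie_header(sample))
```

When only `Max-Age=15552000` comes back, the parser returns no cookies and one dropped pair, so ignoring the name hides the stray pair but cannot recover the value the server originally set.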