cookie Port summary

Dave Kristol (dmk@research.bell-labs.com)
Mon, 24 Mar 97 11:26:27 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gregory J. Woodhouse: "Re: cookie Port summary"
Previous message: Koen Holtman: "Re: I-D ACTION:draft-ietf-http-hit-metering-01.txt"
Next in thread: Gregory J. Woodhouse: "Re: cookie Port summary"
Reply: Gregory J. Woodhouse: "Re: cookie Port summary"
Maybe reply: Dave Kristol: "Re: cookie Port summary"
Reply: Koen Holtman: "Re: cookie Port summary"
Reply: David W. Morris: "Re: cookie Port summary"
Maybe reply: Ross Patterson: "Re: cookie Port summary"

Here's my summary and elaboration of the proposal for restricting ports
in cookies.

Set-Cookie2
1) Syntax:
port-attr	=	"Port" [ "=" <"> 1#port-list <"> ]
port-list	=	decimal-number

Note:  port-attr is, of course, itself optional.

2) Semantics
Reject cookie if there is a port-list and the original connection was
not to a listed port.

Cookie:
1) Syntax:
(Return Port as $Port, with its value as received in Set-Cookie2, if any.)

2) Semantics, based on the Port attribute in Set-Cookie2:
	- default (no Port) behavior:  send cookie to any port
	- "Port" behavior:  send cookie only to port from which it was received
	- "Port=port-list" behavior:  send cookie only to a listed port

Note:  Port rules apply only after the Domain rules make the cookie otherwise
sendable.

Comments?
Dave Kristol

Next message: Gregory J. Woodhouse: "Re: cookie Port summary"
Previous message: Koen Holtman: "Re: I-D ACTION:draft-ietf-http-hit-metering-01.txt"
Next in thread: Gregory J. Woodhouse: "Re: cookie Port summary"
Reply: Gregory J. Woodhouse: "Re: cookie Port summary"
Maybe reply: Dave Kristol: "Re: cookie Port summary"
Reply: Koen Holtman: "Re: cookie Port summary"
Reply: David W. Morris: "Re: cookie Port summary"
Maybe reply: Ross Patterson: "Re: cookie Port summary"