RE: cookie Port summary
Dave Kristol (dmk@research.bell-labs.com)
Mon, 24 Mar 97 17:50:22 EST
Yaron Goland <yarong@microsoft.com> wrote:
> I must be going dense but the section stating "Reject cookie if there is
> a port-list and the original connection was not to a listed port."
> confuses me. It sounds like something I agree w/but I'm not clear on
> what it means.
>
> If a set-cookie2 with a port list comes down and is accepted and then a
> second set-cookie2 comes down, which matches the first cookie, but isn't
> from the right port, the second set-cookie2 is to be ignored?
Here's the idea:
1) UA connects to foo.com, port 80.
2) Server sends Set-Cookie2: x=y; Port="8000"
3) UA rejects the cookie, because port 80, the port for the request,
does not match any of the ports in the Port= attribute of Set-Cookie2.
Dave Kristol
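
Added example (not part of the original message or of any browser's code): a minimal Python sketch of the user-agent check described in the steps above. It assumes the port-list is a quoted, comma-separated list of decimal ports; the function names are hypothetical, and treating a malformed port-list as a reject is this example's own choice.

```python
import re

# Port attribute carrying a quoted port-list, e.g. Port="80,8000".
_PORT_ATTR = re.compile(r'^port\s*=\s*"([^"]*)"$', re.IGNORECASE)


def parse_port_list(set_cookie2_value):
    """Return the set of ports in Port="...", or None if there is no port-list.

    Raises ValueError on an empty or non-numeric entry, so a malformed
    header is never silently treated as unrestricted.
    """
    # Simplified attribute split: assumes no ';' inside quoted values.
    for attr in set_cookie2_value.split(";")[1:]:
        m = _PORT_ATTR.match(attr.strip())
        if not m:
            continue
        ports = set()
        for item in m.group(1).split(","):
            item = item.strip()
            if not re.fullmatch(r"[0-9]{1,5}", item) or not 0 < int(item) <= 65535:
                raise ValueError("bad port in port-list: %r" % item)
            ports.add(int(item))
        return ports
    return None


def accept_cookie(request_port, set_cookie2_value):
    """Reject if there is a port-list and the request port is not in it."""
    try:
        ports = parse_port_list(set_cookie2_value)
    except ValueError:
        return False  # assumption of this example: malformed list means reject
    if ports is None:
        return True  # no port-list, so this rule does not apply
    return request_port in ports


if __name__ == "__main__":
    # Constructed cases; the first is the exchange from the message.
    for port, header in [(80, 'x=y; Port="8000"'),
                         (8000, 'x=y; Port="8000"'),
                         (80, 'x=y; Port="80,8000"'),
                         (80, 'x=y; Version="1"')]:
        print(port, header, "->", "accept" if accept_cookie(port, header) else "reject")
```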