Re: LAST CALL, "HTTP State Management Mechanism (Rev1) " to Propo
Koen Holtman (koen@win.tue.nl)
Thu, 24 Jul 1997 20:33:07 +0200 (MET DST)
Dave Kristol:
>
[...]
>Does this wording express it adequately?:
>
>If the user agent allows the user to follow the [CommentURL] link [as
>part of a cookie inspection user interface], it should neither send nor
>accept a cookie until the user has completed the inspection.

I think the approach to solving this problem is wrong: the burden of
ensuring that the commentURL mechanism does not lead to
user-unfriendly or recursive situations should be on the server side.

I propose something like this:

Servers SHOULD ensure that the user can visit the information pointed
to by the commentURL without causing the user agent to receive
additional Set-Cookie2 headers. User agents SHOULD guard against the
entering of infinite loops due to the commentURL mechanism, and MAY do
this by disabling cookie processing when the commentURL is visited.

>Dave Kristol
Koen.
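
Added example, not part of the original message or of the draft specification: a small model of the recursion discussed in this thread, comparing a user agent that processes Set-Cookie2 while the user is reading a CommentURL page with one that disables cookie processing during that visit. The server table, paths, class, and function names are constructed for illustration, and only the receiving side of cookie processing is modelled.

```javascript
// Constructed server: every response, including the CommentURL page itself,
// carries a Set-Cookie2 whose CommentURL points back at that same page.
const SERVER = {
  "/shop": [{ name: "cart", value: "1", commentURL: "/about-cookies" }],
  "/about-cookies": [{ name: "track", value: "x", commentURL: "/about-cookies" }],
};
const MAX_DEPTH = 10; // safety net so the unguarded agent terminates in this demo

class UserAgent {
  constructor(guard) {
    this.guard = guard;      // true: no cookie processing during inspection
    this.inspecting = false; // set while the user is reading a CommentURL page
    this.jar = new Map();    // cookies the user accepted
    this.fetches = 0;
  }
  fetch(url, depth = 0) {
    if (depth > MAX_DEPTH) throw new Error("CommentURL loop at " + url);
    this.fetches++;
    const setCookie2 = SERVER[url] || [];
    // Guarded agent: ignore Set-Cookie2 received while inspecting.
    if (this.guard && this.inspecting) return;
    for (const cookie of setCookie2) this.inspect(cookie, depth);
  }
  inspect(cookie, depth) {
    // Hypothetical inspection UI: the user follows the CommentURL link
    // before deciding whether to accept the cookie.
    const outer = this.inspecting;
    this.inspecting = true;
    try {
      if (cookie.commentURL) this.fetch(cookie.commentURL, depth + 1);
    } finally {
      this.inspecting = outer;
    }
    this.jar.set(cookie.name, cookie.value); // accepted after reading
  }
}

// Visit /shop and report whether the agent ran into the recursion.
function visit(guard) {
  const ua = new UserAgent(guard);
  let looped = false;
  try { ua.fetch("/shop"); } catch (e) { looped = true; }
  return { looped, fetches: ua.fetches, cookies: [...ua.jar.keys()] };
}
```
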