[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] http cookie order
|
From: |
Graham Fawcett |
|
Subject: |
Re: [Chicken-users] http cookie order |
|
Date: |
Fri, 28 Mar 2008 22:22:54 -0400 |
On Fri, Mar 28, 2008 at 8:31 PM, Drake Wilson <address@hidden> wrote:
> [RFC excerpts snipped]
> My interpretation of this is:
>
> - Forwarders are not permitted to rearrange multiple Set-Cookie
> headers. HTTP client and server libraries have the same
> constraint.
>
> - Origin servers should not generate multiple Set-Cookie headers in
> the same response for the same (name, domain, path) tuple, since
> it is not clear what one should do with them.
>
> - Clients should interpret Set-Cookie headers in the order they are
> received, partly because it's a more constrained interpretation of
> the term "pre-existing" in the spec, and partly due to rude-ish
> websites that will return ambiguous responses and expect that
> interpretation. (I do not know of any site that expects a
> different interpretation of multiple cookies overwriting each
> other in the same response.)
Excellent analysis, Drake. I think your interpretation is on the money.
> (RFC 2109 is also supposedly "obsoleted" by RFC 2965, but that
> describes the behavior of Set-Cookie2 headers, not Set-Cookie headers,
> and it doesn't seem any clearer.)
Yes, I find that odd as well. :-)
Thanks,
Graham