HTTP Working Group                                  David M. Kristol
INTERNET DRAFT                Bell Laboratories, Lucent Technologies
<draft-ietf-http-state-mgmt-errata-00.txt>
February 3, 1997                              Expires August 3, 1997


              HTTP State Management Mechanism (Errata)

Status of this Memo

This document is an Internet-Draft. Internet-Drafts are
working documents of the Internet Engineering Task Force
(IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as
``work in progress.''

To learn the current status of any Internet-Draft, please
check the ``1id-abstracts.txt'' listing contained in the
Internet-Drafts Shadow Directories on ftp.is.co.za (Africa),
nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
ds.internic.net (US East Coast), or ftp.isi.edu (US West
Coast).

This is author's draft 1.9.

1. ABSTRACT

This document contains miscellaneous small wording changes and
clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
Management Mechanism draft.

2. PROPOSED CHANGES

Changes are referenced to the sections in the original document. New or
changed text is shown in []'s.

4.2.2 Set-Cookie Syntax

Under the heading: Comment=comment:

``Optional. Because cookies can contain private information about
a user, the [Comment] attribute allows an origin server to document
its intended use of a cookie....''

Under the heading: Secure:

``Optional. The Secure attribute (with no value) directs the user
agent to use only (unspecified) secure means to contact the origin
server whenever it sends back this cookie[, to protect the
confidentiality and authenticity of the information in the
cookie].''

4.2.3 Controlling Caching

The directive max-age=0 is necessary in the Cache-Control header to
force revalidation. Therefore, two example headers must change.

The example header in the second bullet should read Cache-Control:
must-revalidate[, max-age=0].

The example header in the third bullet should read Cache-Control:
proxy-revalidate[, max-age=0].

4.3.2 Rejecting Cookies

``To prevent possible security or privacy violations, a user agent
rejects a cookie (shall not store its information) if any of the
following is true [of the attributes explicitly present in the
Set-Cookie response header]:...''

10.2 Compatibility with Microsoft's Implementation

[Insert new section between current sections 10.1 and 10.2.]

``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
fail to handle some cookies that use this specification. For
example, if a server sends the following response header to MSIE V3
(omitting the line breaks):

    Set-cookie: xx="1=2&3-4";
        Comment="blah";
        Version=1; Max-Age=15552000; Path=/;
        Expires=Sun, 27 Apr 1997 01:16:23 GMT

then MSIE V3 will send something like the following request header
next time:

    Cookie: Max-Age=15552000

instead of the correct

    Cookie: xx="1=2&3-4"

In other words, MSIE sends back the wrong cookie name and value.''

3. ACKNOWLEDGEMENTS

The following people identified problems and/or suggested improvements
in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
Raymie Stata.

4. AUTHOR'S ADDRESS

David M. Kristol
Bell Laboratories, Lucent Technologies
600 Mountain Ave. Room 2A-227
Murray Hill, NJ 07974

Phone: (908) 582-2250
FAX: (908) 582-5809
Email: dmk@bell-labs.com


Expires August 3, 1997