[Dillo-dev] want to test some experimental cookies code?

Jorge Arellano Cid jcid at dillo.org
Sat Jan 9 18:16:33 CET 2010


On Tue, Jan 05, 2010 at 09:12:39PM +0000, corvid wrote:
> In recent days, I've been making a version of cookies dpi that
> follows the current cookies draft of the http state working group.
> 
> I haven't tested it exhaustively yet, but if anyone who uses
> cookies wants to try it and watch the msgs and so on, let me know.
> 
> 
> As for how much validity or meaningfulness this draft has, let's see...
> - They've made the decision to describe the way things currently behave,
>   having learned from the bitter experience of others who made RFC 2109
>   and RFC 2965*.
>   In 2010, no one has any way to be King of Cookies. They write testcases and
>   try all of the major browsers and decide what they want to write down in
>   their spec when there are differences.
> - On their mailing list, from the user agents, they have an opera guy, the
>   curl guy, and someone related to firefox, although I didn't take any notice
>   of whether he has a position of authority in firefox or not.
> - Of course there will be changes. Smallish, I think.
> 
> 
> A cookie set without an explicit domain goes only to that domain.
> A cookie with a domain attribute is sent to that domain and any subdomain.
> A .domain attr cookie can go to domain.
> As for how to decide to reject cookies for, e.g., .co.uk, I don't think they're
>  ever going to say too much.
> 
> A cookie can be set for any path, regardless of the url path of the page
>  setting it.
> Paths are matched when selecting cookies to return, though.
> Path-matching does work by slashes instead of simple prefixes.
> 
> An http page can set a secure cookie (just like currently).
> 
> An example of the little things that may change is that a cookie that is
> just VALUE instead of NAME=VALUE is currently allowed, but it's not decided
> for good yet. There are corner cases such as this that maybe they could
> make illegal without rendering themselves irrelevant.
> 
> 
> * To be precise, the main author of the RFCs has written that it was at
> least initially reasonable to think that what they were putting together
> in RFC 2109 would be adopted by user agents.

  AFAIS, you're our cookies expert now.
  Please feel free to replace the current dpi when you see net gain.


-- 
  Cheers
  Jorge.-
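
The domain and path rules summarised in the quoted message, as an added example that is not part of the original thread and is not code from Dillo's cookies dpi. Function names are hypothetical; case-insensitive host comparison and a request path with the query string already removed are assumptions, and public-suffix rejection (the .co.uk case) is left out.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical helpers; names are not taken from Dillo's cookies dpi. */
static bool ieq(const char *a, const char *b)   /* ASCII case-insensitive */
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* host_only: the cookie was set without a Domain attribute. */
bool cookie_domain_matches(const char *host, const char *cookie_domain,
                           bool host_only)
{
    if (cookie_domain[0] == '.')     /* ".domain" may also go to "domain" */
        cookie_domain++;
    size_t hl = strlen(host), dl = strlen(cookie_domain);
    if (dl == 0 || hl < dl || !ieq(host + (hl - dl), cookie_domain))
        return false;                /* cookie domain is not a suffix */
    if (hl == dl)
        return true;                 /* exact match */
    if (host_only)
        return false;                /* no Domain attr: that host only */
    /* Subdomain: the suffix must start at a label boundary, so
     * "badexample.com" does not receive cookies for "example.com". */
    return host[hl - dl - 1] == '.';
}

/* Path-match on '/' boundaries rather than as a plain string prefix. */
bool cookie_path_matches(const char *request_path, const char *cookie_path)
{
    size_t cl = strlen(cookie_path);
    if (cl == 0 || strncmp(request_path, cookie_path, cl) != 0)
        return false;
    if (request_path[cl] == '\0')
        return true;                 /* identical paths */
    if (cookie_path[cl - 1] == '/')
        return true;                 /* "/a/" covers "/a/b" */
    return request_path[cl] == '/';  /* "/a" covers "/a/b" but not "/ab" */
}
```

The two boundary checks are where naive implementations leak cookies: a plain suffix test sends example.com cookies to badexample.com, and a plain prefix test sends /a cookies to /ab.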


