DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18388>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18388 Set-Cookie header not honored on 304 (Not modified) status [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2003-06-03 13:54 ------- Section 10.3.5 of RFC 2616 makes this statement: "If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers." Note that only entity-headers are forbidden. Section 4.2 describes three sets of headers: request (defined in 5.3), response (defined in section 6.2), and entity (defined in section 7.1). Each of these three sections lists headers, but "Set-Cookie" is not listed in any of the three sets. Section 6.2 makes this statment: "The response-header fields allow the server to pass additional information about the response which cannot be placed in the Status- Line." and... "However, new or experimental header fields MAY be given the semantics of response- header fields if all parties in the communication recognize them to be response-header fields. Unrecognized header fields are treated as entity-header fields." While section 7.1 makes this statement: "Entity-header fields define metainformation about the entity-body or, if no body is present, about the resource identified by the request." Set-Cookie meets the test of universal acceptance as a known response-header and is must better defined as a response-header ("additional information") than as an entity-header ("metainformation about the entity-body"). It is also important to note that all other major web servers (IIS, iPlanet, and Domino) will return Set-Cookie headers on a 304 status. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
