Despite the quote from Roy Fielding, I stand by my claim that Set-Cookie is a response-header and not an entity-header.
I would say a cookie is an entity header, in that in its typical use, the cookie value is bound somehow to the page that comes along with it.
For example, a cookie might (and often does) contain a session id, while the content of the page is delivered unique to the session. If the cookie is considered a request header, then the possibility exists for a different session id to be delivered with the original content, which does not necessarily match that session id.
Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."