[sent this yesterday, but it bounced]
personally, I tend to see it more from doug and nick's perspective and would
be inclined to fix a long-standing issue that never made sense to me, but
roy wrote the book and has unique insight here, so...
Umm, not really -- cookies are just broken by design. That's why they aren't in HTTP/1.1 and why they are not listed in 304. However, it is kind of pointless to only partly implement them, so go ahead and add Set-Cookie and Set-Cookie2 to the 304 list. Both the original Netscape spec and RFC 2965 allow Set-Cookie* to be sent on any response and expect it to be passed along in a 304, so we might as well allow folks to do totally moronic things with cookies.
....Roy
