+1 On Mar 7, 2014, at 6:58 PM, William A. Rowe Jr. <wmr...@gmail.com> wrote:
> So I am happy to agree with the semicolon list delimiter for logging. > On Mar 7, 2014 5:09 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote: > On Sat, Mar 8, 2014 at 12:06 AM, William A. Rowe Jr. <wmr...@gmail.com> wrote: > > > > On Mar 7, 2014 4:50 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote: > >> > >> On Fri, Mar 7, 2014 at 10:25 PM, William A. Rowe Jr. <wmr...@gmail.com> > >> wrote: > >> > In working through this code, I realized that you may have multiple > >> > cookie > >> > headers of multiple values for the same cookie name. > >> > > >> > Mark Thomas looked at the spec for me and determined they would be > >> > entirely > >> > permissible by RFC 6265 S4.2.2. But today we simply log one and done. > >> > >> I can't presume how far you plan to handle the multiple cookie > >> headers, but should you handle "Cookie: name1=value1, name2=value2" as > >> two distinct cookies (like comma separated headers defined by the HTTP > >> RFC), it's good to know that most (if not all) user-agents won't, > >> mostly because applications (cookie setters) won't either quote > >> Set-Cookie values or attributes containing comma (double-quotes were > >> not defined with cookies version 0). > >> > >> As a consequence, the above is commonly considered a single cookie > >> named [name1] with value [value1, name2=value2]... > > > > Did you mean comma? Or semicolon? > > Comma yes. > Semicolon is the only de facto cookie separator.