On Sun, 2005-07-24 at 20:47 +0000, Samit Jain wrote: > Hi Oleg, > I want to report on the progress on the project I am working on. I > have completed the parsing and validation of cookies using RFC 2965. I > am in the process of testing it and fixing bugs. I have a long list of > questions, so I am going to ask them in parts. Here are some > questions. It would be great if you could answer them: >
Hi Samit Thanks for keeping us in the loop. I am by no means the ultimate authority on the Cooke2 spec. Besides, it's been a while since I read RFC 2965. But here's my take for what it is worth. > 1. The cookie2 specification says that if an attribute occurs more > than once in the Set-Cookie2 header, always use only the first > appearance of the attribute; the client must ignore values after the > first. So if there is an error in the second appearance of an > attribute, do I just ignore it or do I reject the cookie. For example, > if I receive the following header: > > Set-Cookie2: sId="32323";Version="1";Port="80,8000",Path="/tmp",Port="sam" > The Port attribute occurs twice and the second apperance has errors. > Is this cookie acceptable? > I think the cookie should be accepted. We should follow the letter of the spec and simply ignore the superfluous attributes regardless their content > 2. I 've some confusion regarding handing of Set-cookie headers. The > specification says that if a "user agent that follows both the new > specification and the old specification" can receive the Set-Cookie > header if there is no Set-Cookie2 header in the response. How do you > think I should handle Set-Cookie headers? > This is how I interpret it. If both new old and new style cookie headers are present for the same cookie name, the old one should be ignored. If only the old style cookie is present it should be parsed, validated and formatted in a manner compatible with the Netscape draft. I think this is how the existing RFC2109Spec goes about it > Just to make sure you know, I downloaded a local copy of code Commons > HttpClient release 3 (rc 3). So I will be submitting my code later as > a patch against this version. > I believe you should rather write and test your code against the SVN trunk, as I some point we will branch off the trunk a dedicated branch for your work. So, you should make yourself familiar with SVN rather sooner than later Please do send your emails to the httpclient-dev, not to me directly. I monitor the list regularly and will always respond (or do my very best to respond) in a timely manner. This is because other folks may have a few ideas or opinions to toss in. Besides, a part of the deal with Google is that we get you introduced to the way we develop Apache software. So, we should play by the rules. Cheers, Oleg PS: I am sending this response to the list as well in order to keep the rest of the team up to date > thanks, > Samit. > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
