You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by bu...@apache.org on 2003/04/17 05:32:45 UTC
DO NOT REPLY [Bug 19102] New: -
Set-Cookie2 and Set-Cookie
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19102>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19102
Set-Cookie2 and Set-Cookie
Summary: Set-Cookie2 and Set-Cookie
Product: Commons
Version: 2.0 Alpha 3
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: HttpClient
AssignedTo: commons-httpclient-dev@jakarta.apache.org
ReportedBy: shinobo@leo.bekkoame.ne.jp
Acording to RFC2965 9.1:
User agents that
receive in the same response both a Set-Cookie and Set-Cookie2
response header for the same cookie MUST discard the Set-Cookie
information and use only the Set-Cookie2 information.
this is read that the header for a cetain cookie, but not all cookie.
So, Server can send only Set-Cookie header for some cookies and,
for cookies send Set-Cookie2,Set-cookie both.
But httpclient implementation handles this that if find any set-cookie2 header,
then ignores all Set-cookie header.
I know some sites use set-cookie2 only for cookies which needs
more flexible exiration handling, and for other cookies use only
Set-Cookie. One of exmaples of such sites I know is
TDNet Database service provided by Tokyo Stock Exchange.
So, the preferred implementation is that if set-cookie2 header
found for a certain cookie then cookie value is set from set-cookie2 header, if
not, then from Set-Cookie header.