You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by bu...@apache.org on 2003/04/17 05:32:45 UTC

DO NOT REPLY [Bug 19102] New: - Set-Cookie2 and Set-Cookie

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19102>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19102

Set-Cookie2 and Set-Cookie

           Summary: Set-Cookie2 and Set-Cookie
           Product: Commons
           Version: 2.0 Alpha 3
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: HttpClient
        AssignedTo: commons-httpclient-dev@jakarta.apache.org
        ReportedBy: shinobo@leo.bekkoame.ne.jp


Acording to RFC2965 9.1:
                                                 User agents that
   receive in the same response both a Set-Cookie and Set-Cookie2
   response header for the same cookie MUST discard the Set-Cookie
   information and use only the Set-Cookie2 information.

this is read that the header for a cetain cookie, but not all cookie.
So, Server can send only Set-Cookie header for some cookies and,
for cookies send Set-Cookie2,Set-cookie both.

But httpclient implementation handles this that if find any set-cookie2 header,
then ignores all Set-cookie header.
I know some sites use set-cookie2 only for cookies which needs
 more flexible exiration handling, and for other cookies use only
Set-Cookie. One of exmaples of such sites I know is 
TDNet Database service provided by Tokyo Stock Exchange.

So, the preferred implementation is that if set-cookie2 header
 found for a certain cookie then cookie value is set from set-cookie2 header, if
not, then from Set-Cookie header.