Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

HTTP State Management Mechanism
charter-ietf-httpstate-01

Versions:

Document	Charter	HTTP State Management Mechanism WG (httpstate)
	Title	HTTP State Management Mechanism
	Last updated	2011-05-18
	State	Approved
WG	State	Concluded
IESG	Responsible AD	Peter Saint-Andre
	Charter edit AD	(None)
	Send notices to	(None)

charter-ietf-httpstate-01

The HTTP State Management Mechanism (aka Cookies) was originally
  created by Netscape Communications in their informal Netscape cookie
  specification ("cookie_spec.html"), from which formal specifications
  RFC 2109 and RFC 2965 evolved. The formal specifications, however,
  were never fully implemented in practice; RFC 2109, in addition to
  cookie_spec.html, more closely resemble real-world implementations
  than RFC 2965, even though RFC 2965 officially obsoletes the former.
  Compounding the problem are undocumented features (such as HTTPOnly),
  and varying behaviors among real-world implementations.
  
  The working group will create a new RFC that:
   * obsoletes RFC 2109,
   * updates RFC 2965 to the extent it overlaps or voids RFC 2109, and
   * specifies Cookies as they are actually used in existing 
     implementations and deployments.
  
  Where commonalities exist in the most widely used implementations, the
  working group will specify the common behavior. Where differences exist 
  among the most widely used implementations, the working group will 
  document the variations and seek consensus to reduce variation by 
  selecting among the most widely used variations.
  
  The working group must not introduce any new syntax or new semantics
  not already in common use.
  
  The working group's specific deliverables are:
  * A standards-track document that is suitable to supersede RFC 2109 
    (likely based on draft-abarth-cookie)
  * An informational document cataloguing the differences between major
    implementations
  
  In doing so, the working group should consider:
  
  * cookie_spec.html - Netscape Cookie Specification
    
  http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html
  * RFC 2109 - HTTP State Management Mechanism (Obsoleted by RFC 2965)
     http://tools.ietf.org/html/rfc2109
  * RFC 2964 - Use of HTTP State Management
     http://tools.ietf.org/html/rfc2964
  * RFC 2965 - HTTP State Management Mechanism (Obsoletes RFC 2109)
     http://tools.ietf.org/html/rfc2965
  * I-D - HTTP State Management Mechanism v2
     http://tools.ietf.org/html/draft-pettersen-cookie-v2
  * I-D - Cookie-based HTTP Authentication
     http://tools.ietf.org/html/draft-broyer-http-cookie-auth
  * Widely Implemented - HTTPOnly
     http://www.owasp.org/index.php/HTTPOnly
  * Browser Security Handbook - Cookies
    
  http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
  * HTTP Cookies: Standards, Privacy, and Politics by David M. Kristol
     http://arxiv.org/PS_cache/cs/pdf/0105/0105018v1.pdf

HTTP State Management Mechanism charter-ietf-httpstate-01

HTTP State Management Mechanism
charter-ietf-httpstate-01