HTTP Working Group                                      David M. Kristol
INTERNET DRAFT                    Bell Laboratories, Lucent Technologies
<draft-ietf-http-state-mgmt-errata-00.txt>
February 3, 1997                                  Expires August 3, 1997


                HTTP State Management Mechanism (Errata)



                          Status of this Memo

     This document is an Internet-Draft.  Internet-Drafts are
     working documents of the Internet Engineering Task Force
     (IETF), its areas, and its working groups.  Note that other
     groups may also distribute working documents as Internet-
     Drafts.

     Internet-Drafts are draft documents valid for a maximum of six
     months and may be updated, replaced, or obsoleted by other
     documents at any time.  It is inappropriate to use Internet-
     Drafts as reference material or to cite them other than as
     ``work in progress.''

     To learn the current status of any Internet-Draft, please
     check the ``1id-abstracts.txt'' listing contained in the
     Internet-Drafts Shadow Directories on ftp.is.co.za (Africa),
     nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
     ds.internic.net (US East Coast), or ftp.isi.edu (US West
     Coast).

     This is author's draft 1.9.


1.  ABSTRACT

This document contains miscellaneous small wording changes and
clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
Management Mechanism draft.


2.  PROPOSED CHANGES

Changes are referenced to the sections in the original document.  New or
changed text is shown in []'s.

4.2.2 Set-Cookie Syntax
     Under the heading: Comment=comment:

     ``Optional.  Because cookies can contain private information about
     a user, the [Comment] attribute allows an origin server to document
     its intended use of a cookie....''

     Under the heading: Secure:





Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 1]


INTERNET DRAFT  HTTP State Management Mechanism (Errata) February 3, 1997



     ``Optional.  The Secure attribute (with no value) directs the user
     agent to use only (unspecified) secure means to contact the origin
     server whenever it sends back this cookie[, to protect the
     confidentiality and authenticity of the information in the
     cookie].''

4.2.3  Controlling Caching

     The directive max-age=0 is necessary in the Cache-Control header to
     force revalidation.  Therefore, two example headers must change.

     The example header in the second bullet should read Cache-Control:
     must-revalidate[, max-age=0].

     The example header in the third bullet should read Cache-Control:
     proxy-revalidate[, max-age=0].

4.3.2  Rejecting Cookies
     ``To prevent possible security or privacy violations, a user agent
     rejects a cookie (shall not store its information) if any of the
     following is true [of the attributes explicitly present in the
     Set-Cookie response header]:...''

10.2 Compatibility with Microsoft's Implementation
     [Insert new section between current sections 10.1 and 10.2.]

     ``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
     fail to handle some cookies that use this specification.  For
     example, if a server sends the following response header to MSIE V3
     (omitting the line breaks):

         Set-cookie: xx="1=2&3-4";
         Comment="blah";
         Version=1; Max-Age=15552000; Path=/;
         Expires=Sun, 27 Apr 1997 01:16:23 GMT

     then MSIE V3 will send something like the following request header
     next time:

         Cookie: Max-Age=15552000

     instead of the correct

         Cookie: xx="1=2&3-4"

     In other words, MSIE sends back the wrong cookie name and value.''
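
The parsing rule behind the example above (the first NAME=VALUE pair is the cookie, everything after it is an attribute), with a server-side check for a Cookie header that echoes an attribute instead. This is an added example, not part of the draft; the function names are hypothetical and it assumes one cookie per Set-Cookie header (no comma-separated list).

```python
import re

# Attribute names the draft defines for Set-Cookie, plus the Netscape-style
# Expires used in the example header. Lower-cased for case-insensitive matching.
ATTRIBUTE_NAMES = {"comment", "domain", "max-age", "path", "secure",
                   "version", "expires"}

# One av-pair: NAME, optionally "=" and a quoted string or a bare value,
# ended by ";" or end of input. Quoted strings may contain "=", "&" and ";".
_AV_PAIR = re.compile(
    r'\s*([^=;\s]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*(?:;|$)')


def split_pairs(header_value):
    """Split a Set-Cookie or Cookie header value into (name, value) pairs."""
    text, pos, pairs = header_value.strip(), 0, []
    while pos < len(text):
        m = _AV_PAIR.match(text, pos)
        if m is None:
            raise ValueError("malformed header at offset %d" % pos)
        pairs.append((m.group(1), (m.group(2) or "").strip()))
        pos = m.end()
    return pairs


def parse_set_cookie(header_value):
    """Return (name, value, attrs): the FIRST pair is the cookie itself."""
    pairs = split_pairs(header_value)
    if not pairs:
        raise ValueError("empty Set-Cookie value")
    (name, value), rest = pairs[0], pairs[1:]
    return name, value, {k.lower(): v for k, v in rest}


def echoed_attributes(set_cookie_value, cookie_value):
    """Cookie pairs that repeat a Set-Cookie attribute instead of the cookie."""
    name, _, attrs = parse_set_cookie(set_cookie_value)
    return [(n, v) for n, v in split_pairs(cookie_value)
            if not n.startswith("$") and n != name
            and n.lower() in ATTRIBUTE_NAMES and attrs.get(n.lower()) == v]


# The response header from the example above, with the line breaks omitted.
SET_COOKIE = ('xx="1=2&3-4"; Comment="blah"; Version=1; Max-Age=15552000; '
              'Path=/; Expires=Sun, 27 Apr 1997 01:16:23 GMT')

if __name__ == "__main__":
    name, value, _ = parse_set_cookie(SET_COOKIE)
    print("expected: Cookie: %s=%s" % (name, value))
    print("flagged :", echoed_attributes(SET_COOKIE, "Max-Age=15552000"))
```

A non-empty result from echoed_attributes means the session lookup should be treated as "no cookie presented" rather than trusting the echoed pair as state.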











3.  ACKNOWLEDGEMENTS

The following people identified problems and/or suggested improvements
in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
Raymie Stata.


4.  AUTHOR'S ADDRESS

David M. Kristol
Bell Laboratories, Lucent Technologies
600 Mountain Ave.  Room 2A-227
Murray Hill, NJ  07974

Phone: (908) 582-2250
FAX: (908) 582-5809
Email: dmk@bell-labs.com




                                                  Expires August 3, 1997






























