HTTPbis                                                        E. Wright
Internet-Draft                                                   Shopify
Updates: 6265 (if approved)                                     S. Huang
Intended status: Standards Track                                 M. West
Expires: September 4, 2016                                   Google, Inc
                                                           March 3, 2016


            A Retention Priority Attribute for HTTP Cookies
                     draft-west-cookie-priority-00

Abstract

   This document defines the "Priority" attribute for HTTP cookies.
   This attribute allows servers to specify a retention priority for
   HTTP cookies that will be respected by user agents during cookie
   eviction.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 4, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Wright, et al.          Expires September 4, 2016               [Page 1]


Internet-Draft               cookie-priority                  March 2016


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology and notation  . . . . . . . . . . . . . . . . . .   2
   3.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  Examples  . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Server Requirements . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Syntax  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.2.  Semantics (Non-Normative) . . . . . . . . . . . . . . . .   5
     4.3.  The 'Priority' Attribute  . . . . . . . . . . . . . . . .   5
   5.  User Agent Requirements . . . . . . . . . . . . . . . . . . .   5
     5.1.  The 'Priority' Attribute  . . . . . . . . . . . . . . . .   5
     5.2.  Storage Model . . . . . . . . . . . . . . . . . . . . . .   5
   6.  Implementation Considerations . . . . . . . . . . . . . . . .   6
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   This document defines the "Priority" attribute for HTTP cookies.
   Using the "Priority" attribute, servers may indicate that certain
   cookies should be protected, and others preferentially deleted.  When
   a user agent evicts cookies in the enforcement of a per-domain quota,
   lower priority cookies will be deleted first, potentially preserving
   higher-priority cookies that would otherwise have been deleted
   according to the rules of [RFC6265].

2.  Terminology and notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This specification uses the Augmented Backus-Naur Form (ABNF)
   notation of [RFC5234].

   Two sequences of octets are said to case-insensitively match each
   other if and only if they are equivalent under the "i;ascii-casemap"
   collation defined in [RFC4790].






Wright, et al.          Expires September 4, 2016               [Page 2]


Internet-Draft               cookie-priority                  March 2016


3.  Overview

   This section outlines a way for an origin server to indicate the
   retention priority for individual cookies and for the user agent to
   respect retention priorities during cookie eviction.

   To indicate a cookie's retention priority, the origin server includes
   a "Priority" attribute in the "Set-Cookie" HTTP response header.  A
   value of "Low" indicates that the cookie should be given lower
   retention priority (evicted prior to other cookies).  A value of
   "High" indicates that a cookie should be given higher retention
   priority (evicted after other cookies).  The value of "Medium"
   corresponds to the default behavior.

   In order to prevent starvation of functionality dependent on low- and
   medium-priority cookies, a fraction of the cookie quota should be
   reserved for them.

   [RFC6265], Section 5.3, describes a strategy that user agents must
   follow when "removing excess cookies".  A user agent implementing the
   current specification for a retention priority attribute will
   implement an extended priority order, dividing the second priority
   ("Cookies that share a domain field with more than a predetermined
   number of other cookies") into multiple levels corresponding to the
   three retention priorities.

   As a result, when the cookies for a given domain exceed user agent
   limits, cookies with low priority will be evicted first, followed by
   medium and high priority cookies.

3.1.  Examples

   Using the Priority attribute, an origin server may assign a retention
   priority to a cookie stored by a user agent.  For example, the origin
   server may prioritize the retention of session security tokens while
   indicating that superficial data such as a user's favorite color
   should be discarded in preference to other data.

   The following figure illustrates a series of 33 cookies received by a
   user-agent from the example.com server during one or more HTTP
   responses.  Each cookie is represented by an L, M, or H indicating
   low, medium, or high priority, respectively.

   == Least Recently Accessed -> Most Recently Accessed ==

      M L H H H H M H L L M M M M M M M L L L L L M M M M M H M M L L M





Wright, et al.          Expires September 4, 2016               [Page 3]


Internet-Draft               cookie-priority                  March 2016


   Assume that the user agent is configured to evict all but 25 cookies
   from a domain when the number of cookies exceeds 31.  [RFC6265]
   specifies the following eviction order.  Cookies are separated in the
   vertical axis by priority.  Evicted cookies are labeled with a '1'
   and retained cookies with an 'X'.

   == Least Recently Accessed -> Most Recently Accessed ==

   L    1             X X               X X X X X                 X X
   M  1           1       X X X X X X X           X X X X X   X X     X
   H      1 1 1 1   1                                       X

   A user agent that implements the current specification, reserving
   room for 5 low-, 15 medium-, and 5 high-priority cookies, would
   implement a modified eviction order as follows. '1', '2', and '3'
   indicate cookies evicted during various phases of the algorithm.

   == Least Recently Accessed -> Most Recently Accessed ==

   L    1             1 1               1 1 X X X                 X X
   M  2           2       X X X X X X X           X X X X X   X X     X
   H      3 X X X   X                                       X

   Of note is that the retention priority does not impact the relative
   eviction priority of cookies being evicted due to the global
   threshold (i.e., once no domain exceeds the per-domain threshold).
   Furthermore, this new attribute has no effect on domains that do not
   send it.

4.  Server Requirements

   This section describes the syntax and semantics of the "Priority"
   cookie attribute.

4.1.  Syntax

   The Set-Cookie HTTP response header syntax is defined in [RFC6265],
   Section 4.1.1.  The grammar defined therein provides for tokens of
   type 'extension-av'.  The Priority attribute is a subset of
   'extension-av' that may appear zero or one times in a given 'set-
   cookie-header'.  If it appears, the 'priority' attribute must conform
   to the following grammar:

   priority-av    = "Priority=" priority-value
   priority-value = "Low" / "Medium" / "High"






Wright, et al.          Expires September 4, 2016               [Page 4]


Internet-Draft               cookie-priority                  March 2016


4.2.  Semantics (Non-Normative)

   This section describes a simplified semantics of the "Priority"
   attribute in the "Set-Cookie" HTTP response header.  The full
   semantics are described in Section 5.

4.3.  The 'Priority' Attribute

   The "Priority" attribute indicates a retention priority relative to
   other cookies from the same domain as the cookie carrying the
   attribute.  During cookie eviction in enforcement of per-domain
   cookie limits, "Low" priority cookies will be evicted before "Medium"
   and "Medium" before "High".  Cookies without a specified priority are
   considered to have "Medium" priority.

5.  User Agent Requirements

   [RFC6265], Section 5.2 describes how user agents must parse the value
   of the "Set-Cookie" HTTP response header.  This specification
   provides additional processing steps that user agents must follow
   when they encounter a "Priority" attribute.

   "Set-Cookie" headers that do not specify the "Priority" attribute
   MUST be treated as if the attribute was present and had the value
   Medium.

5.1.  The 'Priority' Attribute

   If the "attribute-name" case-insensitively matches the string
   "Priority", the user agent MUST process the "cookie-av" as follows:

   If the "attribute-value" case-insensitively matches the string "Low",
   the cookie is assigned a low retention priority.

   If the "attribute-value" case-insensitively matches the string
   "Medium", the cookie is assigned a medium retention priority.

   If the "attribute-value" case-insensitively matches the string
   "High", the cookie is assigned a high retention priority.

   Otherwise, the cookie is assigned a medium retention priority.

5.2.  Storage Model

   [RFC6265], Section 6.1 recommends that user agents set limits on the
   number of cookies they will store.  [RFC6265], Section 5.3, describes
   a strategy that user must follow when "removing excess cookies".




Wright, et al.          Expires September 4, 2016               [Page 5]


Internet-Draft               cookie-priority                  March 2016


   A user agent implementing the current specification for a retention
   priority attribute will set aside a small portion of its storage
   quota for low-priority cookies, and another portion for medium-
   priority cookies.  During eviction, compatible user agents will
   implement an extended priority order, dividing the second priority
   ("Cookies that share a domain field with more than a predetermined
   number of other cookies") into three, according to the retention
   priorities and the space reserved for them.  Assuming that no other
   extensions ammend the rules defined in [RFC6265], a compatible user
   agent MUST therefore evict cookies in the following priority order (L
   and M refer to the amount of space reserved for low- and medium-
   priority cookies respectively, per domain).  As per [RFC6265], within
   each category the least-recently accessed cookies should be deleted
   first.

   1.  Expired cookies.

   2.  Cookies with a low retention priority that share a domain field
       with more than a predetermined number of other cookies, excluding
       the first L low-priority cookies from that domain.

   3.  Cookies with a low or medium retention priority that share a
       domain field with more than a predetermined number of other
       cookies, excluding the first L + M low- and medium-priority
       cookies from that domain.

   4.  Cookies that share a domain field with more than a predetermined
       number of other cookies.

   5.  All cookies.

6.  Implementation Considerations

   This specification extends [RFC6265] in order to enable improved
   behaviour when servers are unable or unwilling to keep the number of
   distinct cookies served by their domains within the limits of user
   agents.  As this specification is unlikely to ever achieve universal
   adoption by user agents, servers SHOULD gracefully degrade if their
   specifed cookie retention priorities are not respected.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.



Wright, et al.          Expires September 4, 2016               [Page 6]


Internet-Draft               cookie-priority                  March 2016


   [RFC4790]  Newman, C., Duerst, M., and A. Gulbrandsen, "Internet
              Application Protocol Collation Registry", RFC 4790,
              DOI 10.17487/RFC4790, March 2007,
              <http://www.rfc-editor.org/info/rfc4790>.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008,
              <http://www.rfc-editor.org/info/rfc5234>.

   [RFC6265]  Barth, A., "HTTP State Management Mechanism", RFC 6265,
              DOI 10.17487/RFC6265, April 2011,
              <http://www.rfc-editor.org/info/rfc6265>.

7.2.  Informative References

   [Wright2013]
              Wright, E. and S. Huang, "A Retention Priority Attribute
              for HTTP Cookies", n.d.,
              <https://docs.google.com/a/google.com/file/
              d/0B3o1IlTKoADVRllKWGlyWGxIVTg/edit>.

Appendix A.  Acknowledgements

   This document is based heavily on an earlier draft written by Erik
   Wright and Samuel Huang [Wright2013], and the experimentation done in
   cooperation with Google's login team.

Authors' Addresses

   Erik Wright
   Shopify


   Samuel Huang
   Google, Inc

   Email: huangs@google.com


   Mike West
   Google, Inc

   Email: mkwst@google.com







Wright, et al.          Expires September 4, 2016               [Page 7]