hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: Bad cookie header: illegal domain attribute
Date Tue, 17 Dec 2002 11:11:44 GMT
Hi Mike

> Am I just overlooking something or is this policy *only* a global 
> setting?  I would have expected the ability to set the policy on a per 
> HttpClient basis (perhaps in the HttpState) but I didn't see a method 
> for that.

You are not overlooking anything. I did think about making cookie policy apply on per client
basis but finally decided against it for the following reasons:

- the number of options in the HttpClient class may already be seen as overwhelming especially
for beginners

- there's already "strict mode" flag in the HttpClient class. I was kind of uncomfortable
about introducing a cookie management strictness mode in addition to this one. The nasty thing
about it is that the strict mode is off by default whereas I thought that RFC 2109 compliance
should be on by default. It would be illogical in my opinion to have conflicting strictness
modes in the same class

- Let's face it: you would not want to simultaneously access different sites with different
cookie policy, would you? What does make sense in my opinion is to apply non-default cookie
policy to specific sites that have compliance problems. But you would still hit those sites
sequentially. If this assumption is true, then juggling with the global cookie policy setting
would be acceptable in my opinion.

If you find this rationale not convincing enough, make it known. The cookie management API
is not carved in stone (yet). However, an option of assigning a different cooking policy in
the HttpState class does sound apealing

Can other people share their opinion on that?


View raw message