httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Logging multiple values for the same cookie name?
Date Fri, 07 Mar 2014 23:08:32 GMT
On Sat, Mar 8, 2014 at 12:06 AM, William A. Rowe Jr. <wmrowe@gmail.com> wrote:
>
> On Mar 7, 2014 4:50 PM, "Yann Ylavic" <ylavic.dev@gmail.com> wrote:
>>
>> On Fri, Mar 7, 2014 at 10:25 PM, William A. Rowe Jr. <wmrowe@gmail.com>
>> wrote:
>> > In working through this code, I realized that you may have multiple
>> > cookie
>> > headers of multiple values for the same cookie name.
>> >
>> > Mark Thomas looked at the spec for me and determined they would be
>> > entirely
>> > permissible by RFC 6265 S4.2.2.  But today we simply log one and done.
>>
>> I can't presume how far you plan to handle the multiple cookie
>> headers, but should you handle "Cookie: name1=value1, name2=value2" as
>> two distinct cookies (like comma separated headers defined by the HTTP
>> RFC), it's good to know that most (if not all) user-agents won't,
>> mostly because applications (cookie setters) won't either quote
>> Set-Cookie values or attributes containing comma (double-quotes were
>> not defined with cookies version 0).
>>
>> As a consequence, the above is commonly considered a single cookie
>> named [name1] with value [value1, name2=value2]...
>
> Did you mean comma?  Or semicolon?

Comma yes.
Semicolon is the only de facto cookie separator.

Mime
View raw message