As far as I know: Restlet does not track the RFC 2965 Set-Cookie2 behavior, and RFC 2109 Set-Cookie cookies do not have a means of restricting by port. Although RFC 2965 was introduced in 2000, Set-Cookie2 was pretty much academic until recently -- the bulk of browsers in the wild did not support it. I think this is no longer true; a lot of modern browsers understand RFC 2965 cookie headers, enough that frameworks should care.
I suspect a little thinking is necessary before this can be implemented in Restlet, though. It would not be very nice to bloat responses by sending both Set-Cookie and Set-Cookie2 headers, and I'd hate to get into the mode of trying to track which user agents support it and which don't. Perhaps if Restlet extends CookieSetting to support RFC 2965 nuances like port, and someone sets these extended values, this could trigger the insertion of the extra Set-Cookie2 header; otherwise if Set-Cookie does the job it can be relied on alone. As a workaround for your app right now, I think you can use Restlet's non-standard header mechanism ( http://www.restlet.org/documentation/2.0/api/org/restlet/data/Message.html#getAttributes%28%29) to explicitly create the Set-Cookie2 header yourself. If this works out, it would be nice to create an RFE for RFC 2965 cookie support and share your experiences and/or a patch :-) I wouldn't mind adding this capability to my Restlet based applications either. - R On Mon, Aug 10, 2009 at 7:29 AM, <[email protected]> wrote: > Hello, > > AFAIK cookies allow for specifying a port-parameter that ties the cookie to > that specific port (in fact, I am getting a little confused between RFC 2109 > and RFC 2965 and couldn't work out which was the one to look at, so pardon > me, if I am mistaken). > > CookieSetting doesn't allow for a port parameter to be specified. I assume, > this is something rarely required anyway. However, it would be most helpful > for me in my current project, so I was wondering if anyone could think of a > way to get that parameter in there. The cookie writing is done inside the > engine so I can't think of a straight forward way to add in my own little > bit of code. > > Any hints are very much appreciated, thanks in advance > Stefan > > ------------------------------------------------------ > > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2382035 > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2382097
