On Saturday 23 January 2010 02:44:39 Luke Plant wrote:

>  BTW, further research shows that we are not really RFC 2109
>  compliant at all, but then again no-one is.  It seems virtually
>  everyone (server side and client side) is using 'Netscape style'
>  cookies with some things adopted from RFC 2109 and RFC 2965,
>  including 'max-age' and the use of quoted-string, but not the all
>  important "Version" attribute which turns on RFC 2109 cookies. 
>  Hardly anyone is using Set-Cookie2 from RFC 2965.  So specs of any
>  kind are fairly meaningless here, it's a matter of what everyone
>  does.

Actually, to add a bit more:

http://www.ietf.org/mail-archive/web/http-state/current/msg00078.html
http://codereview.chromium.org/17045

It's all pretty horrific, it pushes me back towards adding a layer of 
quoting to our cookie handling just to try to avoid it all - but a 
robust encoding which definitely avoids all problems.  We should note 
that the presence of semi-colons is more likely to cause problems than 
commas - Internet Explorer splits on semi-colons, irrespective of 
quotation marks.

Luke

-- 
Sometimes I wonder if men and women really suit each other. Perhaps 
they should live next door and just visit now and then. (Katherine 
Hepburn)

Luke Plant || http://lukeplant.me.uk/
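
The semicolon problem described in the message above, as an added example that is not part of the original post and is not Django's code. The two parsers are simplified models of client behaviour, and percent-encoding is assumed here as one possible "layer of quoting"; the message does not say which encoding was intended. The sample cookie name and value are constructed.

```python
from urllib.parse import quote, unquote


def quoted_string(value):
    """RFC 2109-style quoted-string: wrap in double quotes, escape \\ and "."""
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'


def split_ignoring_quotes(header):
    """Model of a client that splits on ';' irrespective of quotation marks."""
    name, _, rest = header.partition('=')
    return name.strip(), rest.split(';', 1)[0].strip()


def split_respecting_quotes(header):
    """Model of a client that honours quoted-string before looking for ';'."""
    name, _, rest = header.partition('=')
    rest = rest.lstrip()
    if not rest.startswith('"'):
        return name.strip(), rest.split(';', 1)[0].strip()
    out, i = [], 1
    while i < len(rest) and rest[i] != '"':
        if rest[i] == '\\' and i + 1 < len(rest):
            i += 1  # skip the backslash, keep the escaped character
        out.append(rest[i])
        i += 1
    return name.strip(), ''.join(out)


def encode_value(value):
    """Assumed encoding layer: percent-encode everything except unreserved
    characters, so the wire value never contains ';', ',', '"' or spaces."""
    return quote(value, safe='')


def decode_value(raw):
    return unquote(raw)


def roundtrip(value, encoder, parser, decoder=lambda raw: raw):
    """Build a Set-Cookie style header, parse it, return the recovered value."""
    header = 'msg=%s; Path=/' % encoder(value)
    return decoder(parser(header)[1])


if __name__ == '__main__':
    sample = 'a;b,c "d"'  # constructed value with the troublesome characters
    for enc, dec in ((quoted_string, lambda raw: raw), (encode_value, decode_value)):
        for parser in (split_ignoring_quotes, split_respecting_quotes):
            print(enc.__name__, parser.__name__, repr(roundtrip(sample, enc, parser, dec)))
```

With the quoted-string form, the quote-ignoring parser truncates the value at the first semicolon, while the encoded form survives both parsers unchanged.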
