Hi Joao, On Tue, Oct 29, 2019 at 09:10:11PM -0300, Joao Morais wrote: > > Hi Willy, > > > Em 29 de out de 2019, à(s) 04:27, Willy Tarreau <w...@1wt.eu> escreveu: > > > > No, please look at the RFC again, it's very precise on this : > > https://tools.ietf.org/html/rfc2109 > > Thanks for taking the time to review my patch. > > In fact I read RFC 6265 which doesn't take the leading dot as mandatory. 6265 > obsoletes 2965, which obsoletes 2109.
You're right, it's interesting to see that this part changed in 6265. Apparently this happened first in 2965 with set-cookie2 that nobody except Opera and haproxy implemented, then the rule was relaxed in 6265 when trying to merge both specs and document what was really deployed in browsers. > What I need to implement is a way to share the sticky session cookie between > two distinct but related domains, say haproxy.org and haproxy.com, without > its subdomains. I couldn't do that in a way that worked and without a > warning. Interesting, that's probably what forced browsers to ignore the leading dot when in the early 2000s we started to see host-less site names. Then I think we can indeed include your patch but then we also need to change the comment mentioning RFC2109 and update it to 6265. Willy