Hi Joao,

On Tue, Oct 29, 2019 at 09:10:11PM -0300, Joao Morais wrote:
> Hi Willy,
> > Em 29 de out de 2019, à(s) 04:27, Willy Tarreau <w...@1wt.eu> escreveu:
> > 
> > No, please look at the RFC again, it's very precise on this :
> > https://tools.ietf.org/html/rfc2109
> Thanks for taking the time to review my patch.
> In fact I read RFC 6265 which doesn't take the leading dot as mandatory. 6265
> obsoletes 2965, which obsoletes 2109.

You're right, it's interesting to see that this part changed in 6265.
Apparently this happened first in 2965 with set-cookie2 that nobody
except Opera and haproxy implemented, then the rule was relaxed in 6265
when trying to merge both specs and document what was really deployed in

> What I need to implement is a way to share the sticky session cookie between
> two distinct but related domains, say haproxy.org and haproxy.com, without
> its subdomains. I couldn't do that in a way that worked and without a
> warning.

Interesting, that's probably what forced browsers to ignore the leading
dot when in the early 2000s we started to see host-less site names. Then
I think we can indeed include your patch but then we also need to change
the comment mentioning RFC2109 and update it to 6265.


Reply via email to