[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp-wsia] [change request #69] Cookie use across binding
It all depends on how the cookie was set. Referring to RFC 2109, if the cookie was created with the "Secure" attribute, browsers MAY not send the cookies back over non-secure channels. If not, browsers do send the cookies regardless of the scheme used for the request. Per this RFC, the "Secure" attribute is just an advice to the browser. So, it is possible to set a cookie over https to a browser, and get it back over http (by not setting the Secure attribute in the cookie) and vice versa. Subbu Carsten Leue wrote: > So you don't see the argument made that the cookie will most likely not be > handled correctly between http and https port types? I think that the > spec's statement is valid. > > Best regards > Carsten Leue > > ------- > Dr. Carsten Leue > Dept.8288, IBM Laboratory Böblingen , Germany > Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 > > > > Rich Thompson/Watson/I BM@IBMUS To wsrp-wsia@lists.oasis-open.org 01/24/2003 06:33 cc PM Subject [wsrp-wsia] [change request #69] Cookie use across binding > > > > Document: Spec > Section: 6.6 > Page/Line: 44/5-16 > Requested by: Alejandro Abdelnur > Old text: > Proposed text: [delete after "porttype."] > Reasoning: I don't agree with the recommendation on not swapping from > non-secure to secure and vice versa. > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC