OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [wsrp-wsia] [change request #69] Cookie use across binding


It all depends on how the cookie was set. Referring to RFC 2109, if the 
cookie was created with the "Secure" attribute, browsers MAY not send 
the cookies back over non-secure channels. If not, browsers do send the 
cookies regardless of the scheme used for the request. Per this RFC, the 
"Secure" attribute is just an advice to the browser.

So, it is possible to set a cookie over https to a browser, and get it 
back over http (by not setting the Secure attribute in the cookie) and 
vice versa.

Subbu

Carsten Leue wrote:

 > So you don't see the argument made that the cookie will most likely 
not be
 > handled correctly between http and https port types? I think that the
 > spec's statement is valid.
 >
 > Best regards
 > Carsten Leue
 >
 > -------
 > Dr. Carsten Leue
 > Dept.8288, IBM Laboratory Böblingen , Germany
 > Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
 >
 >
 >
 > 
                    Rich 
                        Thompson/Watson/I 
                            BM@IBMUS 
                To 
wsrp-wsia@lists.oasis-open.org                   01/24/2003 06:33 
                                     cc              PM 
 
                                        Subject 
                [wsrp-wsia] [change request #69] 
                    Cookie use across binding 
 
 
 
 
 
 

 >
 >
 >
 > Document: Spec
 > Section: 6.6
 > Page/Line: 44/5-16
 > Requested by: Alejandro Abdelnur
 > Old text:
 > Proposed text: [delete after "porttype."]
 > Reasoning: I don't agree with the recommendation on not swapping from
 > non-secure to secure and vice versa.
 >
 > ----------------------------------------------------------------
 > To subscribe or unsubscribe from this elist use the subscription
 > manager: <http://lists.oasis-open.org/ob/adm.pl>
 >
 >
 >
 >
 > ----------------------------------------------------------------
 > To subscribe or unsubscribe from this elist use the subscription
 > manager: <http://lists.oasis-open.org/ob/adm.pl>






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC