[http-state] [Technical Errata Reported] RFC6265 (6719)
3 views
Skip to first unread message
RFC Errata System
Oct 22, 2021, 7:33:36 PM10/22/21
to aba...@eecs.berkeley.edu, supe...@gmail.com, francesca...@ericsson.com, Jeff....@kingsmountain.com, phi...@gladstonefamily.net, rfc-e...@rfc-editor.org, http-...@ietf.org
The following errata report has been submitted for RFC6265,
"HTTP State Management Mechanism".
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6719
--------------------------------------
Type: Technical
Reported by: Philip Gladstone <phi...@gladstonefamily.net>
Section: 4.1.1
Original Text
-------------
max-age-av = "Max-Age=" non-zero-digit *DIGIT
Corrected Text
--------------
max-age-av = "Max-Age=" non-negative-integer
non-negative-integer = zero-digit / (non-zero-digit *DIGIT)
zero-digit = %x30
Notes
-----
In section 5.2.2, there is the following text on the value of the max-age:
> Let delta-seconds be the attribute-value converted to an integer.
>
> If delta-seconds is less than or equal to zero (0), let expiry-time
> be the earliest representable date and time.
If max-age is an integer greater than 0, then the entire sentence is meaningless. It is a common practice to use max-age=0 to expire a cookie immediately. I think that the ABNF is incorrect. However, I don't see any reason to permit negative values.
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC6265 (draft-ietf-httpstate-cookie-23)
--------------------------------------
Title : HTTP State Management Mechanism
Publication Date : April 2011
Author(s) : A. Barth
Category : PROPOSED STANDARD
Source : HTTP State Management Mechanism
Area : Applications
Stream : IETF
Verifying Party : IESG
_______________________________________________
http-state mailing list
http-...@ietf.org
https://www.ietf.org/mailman/listinfo/http-state
"HTTP State Management Mechanism".
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6719
--------------------------------------
Type: Technical
Reported by: Philip Gladstone <phi...@gladstonefamily.net>
Section: 4.1.1
Original Text
-------------
max-age-av = "Max-Age=" non-zero-digit *DIGIT
Corrected Text
--------------
max-age-av = "Max-Age=" non-negative-integer
non-negative-integer = zero-digit / (non-zero-digit *DIGIT)
zero-digit = %x30
Notes
-----
In section 5.2.2, there is the following text on the value of the max-age:
> Let delta-seconds be the attribute-value converted to an integer.
>
> If delta-seconds is less than or equal to zero (0), let expiry-time
> be the earliest representable date and time.
If max-age is an integer greater than 0, then the entire sentence is meaningless. It is a common practice to use max-age=0 to expire a cookie immediately. I think that the ABNF is incorrect. However, I don't see any reason to permit negative values.
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC6265 (draft-ietf-httpstate-cookie-23)
--------------------------------------
Title : HTTP State Management Mechanism
Publication Date : April 2011
Author(s) : A. Barth
Category : PROPOSED STANDARD
Source : HTTP State Management Mechanism
Area : Applications
Stream : IETF
Verifying Party : IESG
_______________________________________________
http-state mailing list
http-...@ietf.org
https://www.ietf.org/mailman/listinfo/http-state
Reply all
Reply to author
Forward
0 new messages