This page contains a draft for formal RFC errata texts related to the HTTP State Management Mechanism (RFC2109, RFC2965). The list for RFC2109 will need several parts from the list for RFC2965 (just with different section numbers), but duplicates are currently avoided in order to simplify changes.
Reported by: Arne Thomassen; arne@arne-thomassen.de
Date: ???
In section 1:
The terms user agent, client, server, proxy, origin server, and
http_URL have the same meaning as in the HTTP/1.1 specification
[RFC2616]. The terms abs_path and absoluteURI have the same meaning
as in the URI Syntax specification [RFC2396].
Should be:
The terms user agent, client, server, proxy, origin server, and
header field, and the tokens DIGIT, token, http_URL, and quoted-string
have the same meaning as in the HTTP/1.1 specification [RFC2616]. The
tokens abs_path and absoluteURI have the same meaning as in the URI
Syntax specification [RFC2396].
The grammar uses the notation from the HTTP/1.1 specification
[RFC2616] to describe the syntax of HTTP header fields.
In section 1:
The term effective host name is related to host name. If a host name
contains no dots, the effective host name is that name with the
string .local appended to it. Otherwise the effective host name is
the same as the host name. Note that all effective host names
contain at least one dot.
Should be:
The term effective host name is related to host name. If a host name
is a host domain name and contains no dots, the effective host name
is that name with the string .local appended to it. Otherwise the
effective host name is the same as the host name.
In section 3.1:
The two state management headers, Set-Cookie2 and Cookie, have common
syntactic properties involving attribute-value pairs. The following
grammar uses the notation, and tokens DIGIT (decimal digits), token
(informally, a sequence of non-special, non-white space characters),
and http_URL from the HTTP/1.1 specification [RFC2616] to describe
their syntax.
Should be:
The two state management header fields Set-Cookie2 and Cookie have
common syntactic properties involving attribute-value pairs.
In section 3.2.1:
A user agent returns a Cookie request header (see below) to the
origin server if it chooses to continue a session.
Should be:
A user agent returns one or more Cookie request header fields (see
below) to the origin server if it chooses to continue a session.
In section 3.2.2:
confidentially and authenticity of the information in the cookie.
Should be:
confidentiality and authenticity of the information in the cookie.
In section 3.3.4:
3.3.4 Sending Cookies to the Origin Server When it sends a request
to an origin server, the user agent includes a Cookie request header
if it has stored cookies that are applicable to the request, based on
Should be:
3.3.4 Sending Cookies to the Origin Server When it sends a request
to an origin server, the user agent includes one or more Cookie
request header fields if it has stored cookies that are applicable to
the request, based on
In section 3.3.4:
port = "$Port" [ "=" <"> value <"> ]
Should be:
port = "$Port" [ "=" <"> portlist <"> ]
In section 3.3.4:
The port attribute of the Cookie request header MUST mirror the Port
attribute, if one was present, in the corresponding Set-Cookie2
response header. That is, the port attribute MUST be present if the
Port attribute was present in the Set-Cookie2 header, and it MUST
have the same value, if any. Otherwise, if the Port attribute was
absent from the Set-Cookie2 header, the attribute likewise MUST be
omitted from the Cookie request header.
Should be:
The port attribute of the Cookie request header field MUST be exactly
the value of the Port attribute, if one was present, in the corre-
sponding Set-Cookie2 response header field. That is, the port
attribute MUST be present if the Port attribute was present in the
Set-Cookie2 header field, and it MUST have the same value (the exact
character sequence), if any. Otherwise, if the Port attribute was
absent from the Set-Cookie2 header field, the attribute likewise MUST
be omitted from the Cookie request header field.
In section 7.2:
Cookie: $Version="1"; session_id="1234",
$Version="1"; session_id="1111"; $Domain=".cracker.edu"
Should be:
Cookie: $Version="1"; session_id="1234"
Cookie: $Version="1"; session_id="1111"; $Domain=".cracker.edu"
Throughout the document, "header" should be "header field", and
"headers" should be "header fields", respectively.
Reported by: Arne Thomassen; arne@arne-thomassen.de
Date: ???
In section 4.2.1: An origin server may include multiple Set-Cookie headers in a response. Note that an intervening gateway could fold multiple such headers into a single header. Should be: An origin server MAY include multiple Set-Cookie header fields in a response. In section 10.1.2: Netscape's original proposal defined an Expires header that took a date value in a fixed-length variant format in place of Max-Age: Should be: Netscape's original proposal defined an Expires attribute that took a date value in a fixed-length variant format in place of Max-Age: In section 10.1.2, the following paragraph should be appended: Contrary to RFC 2616, 4.2, origin servers, proxies etc. MUST NOT combine Set-Cookie response header fields. This restriction is necessary because a Set-Cookie header field that follows Netscape's original proposal will contain an unquoted comma after a weekday name in an Expires attribute value, and existing incorrect/unaware user agent implementations will be confused when a comma can also mean a cookie separator.