Apache-SecSess
rfc/rfc2109.txt
the = that separates attribute-value pairs. Therefore such
whitespace should be used with caution in new implementations.
10.2 Caching and HTTP/1.0
Some caches, such as those conforming to HTTP/1.0, will inevitably
cache the Set-Cookie header, because there was no mechanism to
suppress caching of headers prior to HTTP/1.1. This caching can lead
to security problems. Documents transmitted by an origin server
along with Set-Cookie headers will usually either be uncachable, or
will be "pre-expired". As long as caches obey instructions not to
cache documents (following Expires: <a date in the past> or Pragma:
no-cache (HTTP/1.0), or Cache-control: no-cache (HTTP/1.1))
uncachable documents present no problem. However, pre-expired
documents may be stored in caches. They require validation (a
conditional GET) on each new request, but some cache operators loosen
the rules for their caches, and sometimes serve expired documents
without first validating them. This combination of factors can lead
to cookies meant for one user later being sent to another user. The
Set-Cookie header is stored in the cache, and, although the document
is stale (expired), the cache returns the document in response to
later requests, including cached headers.
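
An added example, not part of RFC 2109 or of Apache-SecSess: a header audit that sorts cookie-setting responses into the cases section 10.2 distinguishes, so an operator can see which ones rely on a cache revalidating correctly. The function names, verdict labels and sample responses are assumptions made for illustration; the no-store, private and max-age directives are HTTP/1.1 Cache-Control directives the passage does not name.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

NO_REUSE = {"no-cache", "no-store", "private"}  # shared cache may not replay

def _values(headers, name):
    return [v.strip() for k, v in headers if k.lower() == name]

def _expired(value, now):
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True  # HTTP/1.1: an unparseable Expires counts as already expired
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def classify(headers, now):
    """Return no-cookie, uncachable, pre-expired or cacheable for one response."""
    if not _values(headers, "set-cookie"):
        return "no-cookie"
    cc = {}
    for value in _values(headers, "cache-control"):
        for item in value.split(","):
            name, _, arg = item.strip().partition("=")
            cc[name.lower()] = arg.strip('"')
    pragma = {p.strip().lower() for v in _values(headers, "pragma") for p in v.split(",")}
    if NO_REUSE.intersection(cc) or "no-cache" in pragma:
        return "uncachable"
    if "max-age" in cc:  # HTTP/1.1 caches prefer max-age over Expires
        return "pre-expired" if cc["max-age"] == "0" else "cacheable"
    expires = _values(headers, "expires")
    return "pre-expired" if expires and _expired(expires[0], now) else "cacheable"

def audit(responses, now):
    """List (path, verdict) for cookie-setting responses a cache may store."""
    verdicts = ((path, classify(h, now)) for path, h in responses)
    return [(p, v) for p, v in verdicts if v in ("pre-expired", "cacheable")]

# Constructed sample responses, not taken from any real server.
NOW = datetime(1997, 2, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("/login", [("Set-Cookie", "sid=abc; Version=1"), ("Cache-Control", "no-cache")]),
    ("/cart", [("Set-Cookie", "sid=abc; Version=1"), ("Expires", "Wed, 01 Jan 1997 00:00:00 GMT")]),
    ("/home", [("Set-Cookie", "sid=abc; Version=1")]),
    ("/old", [("set-cookie", "sid=abc; Version=1"), ("Pragma", "no-cache")]),
    ("/logo.gif", [("Expires", "0")]),
]
```

A "pre-expired" verdict marks the case the section warns about: the response may be stored, and the cookie stays private only while every cache on the path validates before reuse.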
11. ACKNOWLEDGEMENTS
This document really represents the collective efforts of the
following people, in addition to the authors: Roy Fielding, Marc
Hedlund, Ted Hardie, Koen Holtman, Shel Kaphan, Rohit Khare.
Kristol & Montulli Standards Track [Page 20]
RFC 2109 HTTP State Management Mechanism February 1997
12. AUTHORS' ADDRESSES
David M. Kristol
Bell Laboratories, Lucent Technologies
600 Mountain Ave. Room 2A-227
Murray Hill, NJ 07974
Phone: (908) 582-2250
Fax: (908) 582-5809
EMail: dmk@bell-labs.com
Lou Montulli
Netscape Communications Corp.
501 E. Middlefield Rd.
Mountain View, CA 94043
Phone: (415) 528-2600
EMail: montulli@netscape.com