RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6265, "HTTP State Management Mechanism", April 2011

Source of RFC: httpstate (app)

Errata ID: 3663

Status: Held for Document Update
Type: Technical

Reported By: Dave Thaler
Date Reported: 2013-06-17
Held for Document Update by: Barry Leiba
Date Held: 2013-08-07

Section 5.1.4 says:

A request-path path-matches a given cookie-path if at least one of
the following conditions holds:

o  The cookie-path and the request-path are identical.

It should say:

A request-path path-matches a given cookie-path if at least one of
the following conditions holds:

o  The cookie-path and the request-path are identical.  Note that this
   differs from the rules in RFC 3986 for equivalence of the path
   component, and hence two equivalent paths can have different
   cookies.

Notes:

The "identical" rule differs from the URI equivalence rule(s) in RFC 3986
sections 6.2 and 2.1 (e.g., "If two URIs differ only in the case of hexadecimal
digits used in percent-encoded octets, they are equivalent.") The fact that
equivalent URIs have different cookies arguably violates the principle of
least astonishment. To avoid significant confusion and prevent such surprise,
this fact should be noted so that it is at least not unexpected.

Report New Errata