RFC 6265, "HTTP State Management Mechanism", April 2011Source of RFC: httpstate (app)
Errata ID: 4044
Publication Format(s) : TEXT
Reported By: Pierre Lepropre
Date Reported: 2014-07-06
Rejected by: Barry Leiba
Date Rejected: 2014-07-12
Section 5.3 says:
Otherwise: Set the cookie's persistent-flag to false. Set the cookie's expiry-time to the latest representable date.
It should say:
Otherwise: Set the cookie's persistent-flag to false. Set the cookie's expiry-time to the latest representable date. This is a best-effort approach to ensure that the cookie will effectively expire when "the current session is over" (as defined by the user agent) and not anytime before.
The second action item isn't necessarily obvious for an implementer/reader. If I got the intention right, then I believe it might improve the "user-friendly" rating of this document. Otherwise, it might still be beneficial to explicit a bit the reasoning behind that action.
This report is actually an enhancement request. The discussion of this report on the http-state mailing list should be reviewed if the document is ever revised.