26409 – Differences between cookie prose and RFC 6265

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 26409 - Differences between cookie prose and RFC 6265

Summary: Differences between cookie prose and RFC 6265

Status:	RESOLVED FIXED

Alias:	None

Product:	Browser Test/Tools WG
Classification:	Unclassified
Component:	WebDriver (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Browser Testing and Tools WG
QA Contact:	Browser Testing and Tools WG

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	20860
	Show dependency tree / graph

Reported:	2014-07-22 19:26 UTC by Andrey Botalov
Modified:	2015-03-31 14:43 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description Andrey Botalov 2014-07-22 19:26:01 UTC

1. Domain

Documentation of Cookie dictionary contains:
"This should be set or must be the null value if unknown."

Section 5.3.4 of RFC contains:
"Otherwise: Let the domain-attribute be the empty string."

So it's not clear if it should be null or empty string

2. Path

Documentation of Cookie dictionary contains:
"This should be set or must be the null value if unknown."

Section 5.3.4 of RFC contains:
"Otherwise, set the cookie's path to the default-path of the request-uri."

Section 5.2.4 of RFC contains:
"If the attribute-value is empty or if the first character of the attribute-value is not %x2F ("/"): Let cookie-path be the default-path."

So it's not clear if it should be null or default-path computed using the algorithm from 5.1.4

3. Expiry

Documentation of Cookie dictionary contains:
"This should be set or must be null if unknown."

Section 5.3.3 of RFC contains an algorithm that always sets expiry to some value.

4. Secure/httpOnly

Documentation of Cookie dictionary contains (for both secure and httponly):
"If this attribute is missing, the local ends must interpret this as being false."

Also section 5.3.8 and 5.3.9 contain:
"Otherwise, set the cookie's secure-only-flag to false."
"Otherwise, set the cookie's http-only-flag to false."

It makes sense only for getCookie endpoint.

Suggestion (for items above): Phrases like "This should be set or must be null if unknown." in cookie dictionary prose make sense only for getCookie. So if they are needed they should be moved there and also they should probably correspond to definitions of RFC (i.e. if RFC tells that default-path should be returned, then returning null is quiet strange).

5. Prose of addCookie contains:
"If there is an error during this step return a unable to set cookie error."

But actually section 5.3 of RFC doesn't even contain a word "error".

Suggestion: Transform this sentence to something like:
"If the cookie wasn't set (i.e. ignored) by this step return a unable to set cookie error."

IMHO it would be better as algorithm contains "ignore" several times.

Note: I haven't read RFC 6265 fully, only a few parts of it.

Comment 1 David Burns :automatedtester 2014-07-22 20:34:21 UTC

This wasnt updated with the other change because it requires Simon's action (http://www.w3.org/2014/07/07-testing-minutes.html#action24) to be completed.

I am leaning to removing the dictionary and just have prose to describe object to IDL conversion which would simplify things dramatically.

Comment 2 David Burns :automatedtester 2015-03-31 14:43:49 UTC

fixed https://github.com/w3c/webdriver/commit/08382499cb775645b61b313be4fd441b72259b56