Set-Cookie2
Click on the red underlined text to get to the source
... cookie is the request-port of the request in which
a Set-Cookie2 response header was returned to the user agent.
...
... The two state management headers, Set-Cookie2 and Cookie, have common
syntactic properties involving attribute-value pairs. The following
...
... session. It MAY send back to the client a Set-Cookie2 response
header with the same or different information, or it MAY send no
...
... header with the same or different information, or it MAY send no
Set-Cookie2 header at all. The origin server effectively ends a
session ...
...
An origin server MAY include multiple Set-Cookie2 headers in a
response. Note that an intervening gateway ...
... Set-Cookie2 Syntax ...
... The syntax for the Set-Cookie2 response
header is ...
... "Set-Cookie2:" cookies ...
... specification. However, because the cookie's NAME must come first in
a Set-Cookie2 response header, the NAME and its VALUE cannot be
confused with an attribute-value pair.
...
... Opaque" implies that the content is of
interest and relevance only to the origin server. The content
may, in fact, be readable by anyone that examines the Set-Cookie2
header.
...
... An origin server must be cognizant of the
effect of possible caching of both the returned resource and the
Set-Cookie2 header. Caching "public" documents is desirable. For
example, if the origin server wants ...
... a "front door" page as a sentinel to indicate the beginning of a
session for which a Set-Cookie2 response header must be generated,
the page SHOULD be stored in caches ...
...
If the cookie is intended for use by a single user, the Set-Cookie2
header SHOULD NOT be cached. A Set-Cookie2 ...
... Set-Cookie2
header SHOULD NOT be cached. A Set-Cookie2 header that is intended
to be shared by multiple users MAY be cached.
...
...
* To suppress caching of the Set-Cookie2 header:
...
... HTTP/1.1 servers MUST send Expires: old-date (where old-date is a
date long in the past) on responses containing Set-Cookie2 response
headers unless they know for certain (by out of band means) that
...
... Interpreting Set-Cookie2 ...
... user agent keeps separate track
of state information that arrives via Set-Cookie2 response headers
from each origin server (as distinguished by name or IP address ...
... Defaults to the path of the request URL that generated the
Set-Cookie2 response, up to and including the right-most /. ...
... user agent rejects (SHALL NOT
store its information) if any of the following is true of the
attributes explicitly present in the Set-Cookie2 response header:
...
... would be rejected, because H is y.x and contains a dot.
* A Set-Cookie2 from request-host x.foo.com for Domain=.foo.com
...
... rejected, because there is no embedded dot.
* A Set-Cookie2 with Domain=ajax.com will be accepted, and the
value for Domain ...
... gets prepended to the value.
* A Set-Cookie2 with Port="80,8000" will be accepted if the
request was made to port ...
...
If a user agent receives a Set-Cookie2
response header whose NAME is the same as that of a cookie ...
... user interface may include a facility whereby a
user can decide, at the time the user agent receives the Set-Cookie2
response header, whether or not to accept the cookie ...
... version attribute MUST be the value from the
Version attribute of the corresponding Set-Cookie2 response header.
Otherwise the value for cookie ...
... path
attribute MUST be the value from the Path attribute, if one was
present, of the corresponding Set-Cookie2 response header. Otherwise
the attribute SHOULD be omitted from the Cookie ...
... domain attribute MUST be the value from the Domain
attribute, if one was present, of the corresponding Set-Cookie2
response header. Otherwise the attribute SHOULD be omitted from the
...
... header MUST mirror the Port
attribute, if one was present, in the corresponding Set-Cookie2
response header. That is, the port ...
... port attribute MUST be present if the
Port attribute was present in the Set-Cookie2 header, and it MUST
have the same value, if any. Otherwise, if the Port ...
... have the same value, if any. Otherwise, if the Port attribute was
absent from the Set-Cookie2 header, the attribute likewise MUST be
omitted from the Cookie ...
... There are three possible behaviors, depending on the Port
attribute in the Set-Cookie2 response header: ...
...
A user agent returns much of the information in the Set-Cookie2
header to the origin server when the request-URI ...
...
Set-Cookie2: Part_Number="Rocket_Launcher_0001"; Version="1";
Path="/acme"
...
... and
Set-Cookie2: Part_Number="Riding_Rocket_0023"; Version="1";
Path="/acme/ammo"
...
... Set-Cookie2 Content ...
... information. The application areas can be distinguished by their
request URLs. The Set-Cookie2 header can incorporate information
about the application areas by setting the Path attribute ...
... cookie non-terminal in the syntax description
of the Set-Cookie2 header, and as received in the Set-Cookie2
...
...
The information in a Set-Cookie2 response header MUST be retained in
its entirety. If for some reason there is inadequate space to store
...
...
An origin server could create a Set-Cookie2 header to track the path
of a user through the server. Users may object to this behavior as
...
... an origin server. (The user agent would then behave like one that is
unaware of how to handle Set-Cookie2 response headers.)
...
... cookie implementations, based on the Netscape specification,
use the Set-Cookie (not Set-Cookie2) header. User agents that
...
... User agents that
receive in the same response both a Set-Cookie and Set-Cookie2
response header for the same cookie ...
... cookie MUST discard the Set-Cookie
information and use only the Set-Cookie2 information. Furthermore, a
user agent MUST assume, if it received a Set-Cookie2 ...
... Set-Cookie2 information. Furthermore, a
user agent MUST assume, if it received a Set-Cookie2 response header,
that the sending server complies with this document and will
...
... That is, if a user agent that follows both this specification and
Netscape's original specification receives a Set-Cookie2 response
header, and the NAME and the Domain ...
... user agents that do not understand this specification, but that
do understand Netscape's original specification, will not recognize
the Set-Cookie2 response header and will receive and send cookies
...
... Set-Cookie
response header and not in a Set-Cookie2 response header. However,
it SHOULD send the following request header ...
... HTTP/1.0, will inevitably
cache the Set-Cookie2 and Set-Cookie headers, because there was no
...
... caching can lead to security problems. Documents transmitted by an
origin server along with Set-Cookie2 and Set-Cookie headers usually
...
... combination of factors can lead to cookies meant for one user later
being sent to another user. The Set-Cookie2 and Set-Cookie headers
...