Cookie 5.4 storage model confusion #1059

Closed
essen opened this issue Feb 13, 2020 · 0 comments · Fixed by #1146

essen commented Feb 13, 2020

https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#storage-model

Step 8 says:

If the cookie-attribute-list contains an attribute with an attribute-name
of “Secure”, set the cookie’s secure-only-flag to true. Otherwise,
set the cookie’s secure-only-flag to false.

But then Step 12 says:

If the cookie’s secure-only-flag is not set, [...]

It's impossible to reach step 12 with the secure-only-flag not set because it's always set in step 8.

I believe a better wording would be "If the cookie's secure-only-flag is false,".
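Added example, not part of the original issue or of the draft: a reduced storage routine showing what changes when step 12's guard is read literally ("not set") versus as proposed ("is false"). The body of step 12 is elided above; the sketch assumes it is the draft's check that stops a non-secure origin from overwriting an existing Secure cookie, cut down to name and exact-domain matching. All function names and the cookie data are constructed for illustration.

```javascript
// Added illustration; not code from the draft or from any browser.
// Step 8: the flag always ends up true or false, never absent.
function secureOnlyFlag(attributeList) {
  return attributeList.some((a) => a.name.toLowerCase() === "secure");
}

// Assumed content of step 12 (elided on this page), reduced to name and
// exact-domain matching: does the store hold a Secure cookie that the new
// cookie would overwrite?
function wouldOverwriteSecure(store, cookie) {
  return store.some((c) => c.secureOnly && c.name === cookie.name &&
                           c.domain === cookie.domain);
}

// reading: "literal" tests for an unset flag, "fixed" tests for false.
function storeCookie(store, requestScheme, parsed, reading) {
  const cookie = {
    name: parsed.name,
    value: parsed.value,
    domain: parsed.domain,
    secureOnly: secureOnlyFlag(parsed.attributes), // step 8
  };
  const guardApplies = reading === "literal"
    ? cookie.secureOnly === undefined   // "is not set": never true after step 8
    : cookie.secureOnly === false;      // "is false": the proposed wording
  if (guardApplies && requestScheme !== "https" &&
      wouldOverwriteSecure(store, cookie)) {
    return { stored: false, store };    // ignore the cookie entirely
  }
  const kept = store.filter(
    (c) => !(c.name === cookie.name && c.domain === cookie.domain));
  return { stored: true, store: [...kept, cookie] };
}

// Constructed sample data: a Secure cookie already stored, then a
// same-named cookie without the Secure attribute arriving over http.
const existing = [{ name: "sid", value: "from-https", domain: "example.test", secureOnly: true }];
const fromHttp = { name: "sid", value: "from-http", domain: "example.test", attributes: [] };

function demo() {
  const literal = storeCookie(existing, "http", fromHttp, "literal");
  const fixed = storeCookie(existing, "http", fromHttp, "fixed");
  return {
    literalValue: literal.store.find((c) => c.name === "sid").value,
    fixedValue: fixed.store.find((c) => c.name === "sid").value,
  };
}

console.log(demo());
```

Under the literal reading the guard is dead code and the Secure cookie is replaced; under the proposed wording the incoming cookie is ignored.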

@mnot mnot added the 6265bis label Mar 17, 2020
@mikewest mikewest self-assigned this Mar 31, 2020
mikewest added a commit that referenced this issue Mar 31, 2020
The 'secure-only-flag' is never "not set". It is either "true" or
"false". This patch fixes two places where we should have been checking
for falsity.

Closes #1059.
mikewest added a commit that referenced this issue Apr 1, 2020
The 'secure-only-flag' is never "not set". It is either "true" or
"false". This patch fixes two places where we should have been checking
for falsity.

Closes #1059.