Dismiss
InnovationQ/InnovationQ Plus content will be updated on Sunday, June 25, 10am ET, with new patent and non-patent literature collections. Click here to learn more.
Browse Prior Art Database

HTTP State Management Mechanism (RFC2109)

IP.com Disclosure Number: IPCOM000002662D
Original Publication Date: 1997-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 17 page(s) / 40K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Kristol: AUTHOR [+2]

Abstract

This document specifies a way to create a stateful session with HTTP requests and responses. It describes two new headers, Cookie and Set-Cookie, which carry state information between participating origin servers and user agents. The method described here differs from Netscape's Cookie proposal, but it can interoperate with HTTP/1.0 user agents that use Netscape's method. (See the HISTORICAL section.)

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group D. Kristol

Request for Comments: 2109 Bell Laboratories, Lucent Technologies

Category: Standards Track L. Montulli

Netscape Communications

February 1997

HTTP State Management Mechanism

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

1. ABSTRACT

This document specifies a way to create a stateful session with HTTP

requests and responses. It describes two new headers, Cookie and

Set-Cookie, which carry state information between participating

origin servers and user agents. The method described here differs

from Netscape's Cookie proposal, but it can interoperate with

HTTP/1.0 user agents that use Netscape's method. (See the HISTORICAL

section.)

2. TERMINOLOGY

The terms user agent, client, server, proxy, and origin server have

the same meaning as in the HTTP/1.0 specification.

Fully-qualified host name (FQHN) means either the fully-qualified

domain name (FQDN) of a host (i.e., a completely specified domain

name ending in a top-level domain such as .com or .uk), or the

numeric Internet Protocol (IP) address of a host. The fully

qualified domain name is preferred; use of numeric IP addresses is

strongly discouraged.

The terms request-host and request-URI refer to the values the client

would send to the server as, respectively, the host (but not port)

and abs_path portions of the absoluteURI (http_URL) of the HTTP

request line. Note that request-host must be a FQHN.

Hosts names can be specified either as an IP address or a FQHN

string. Sometimes we compare one host name with another. Host A's

name domain-matches host B's if

* both host names are IP addresses and their host name strings match

exactly; or

* both host names are FQDN strings and their host name strings match

exactly; or

* A is a FQDN string and has the form NB, where N is a non-empty name

string, B has the form .B', and B' is a FQDN string. (So, x.y.com

domain-matches .y.com but not y.com.)

Note that domain-match is not a commutative operation: a.b.c.com

domain-matches .c.com, but not the reverse.

Because it was used in Netscape's original implementation of state

management, we will use the term cookie to refer to the state

information that passes between an origin server and user agent, and

that gets stored by the user agent.

3. STATE AND SESSIONS

This document describes a way to create stateful sessions with HTTP

requests and responses. Currently, HTTP servers res...