On 14/02/2006 20:59, VK wrote:
[snip]
Now reading OP's original question once over: "Any cookies that I have
associated with that site will be sent along with this HTTP request".
*I have associated*
From my (possibly wrong) reading of this sentence I concluded that OP
knows what cookies, for what domain and what path did he set.
One should certainly hope that, given a particular cookie, code that
deals with this cookie should know the conditions under which is was
created. However, if there were, for example, two cookies used across a
site, code that uses only one shouldn't need to know about the other.
What you proposed - removing and then restoring the cookies - would mean
that the client-side code would need to know everything about both, and
would need to be maintained in parallel to the code that creates and
uses them. Even then, the client-side code still may not be able to
restore the cookies properly as it will not know the original expiration
time and date.
name/domain/path exact match was implemented for exactly the opposite
situation: when someone wants to destroy cookie set by someone else.
Not at all. The domain and path parameters allow an application to
control where within a site the state information will apply (I already
said that). The required matching algorithm, insofar as matching name,
domain and path, is in place to ensure that the correct cookie is
modified as cookies with the same name can co-exist. It does have the
side-effect of making modification difficult unless the this data is
known, but it's not the reason (otherwise RFC 2965 wouldn't specify
behaviour that exposes it).
Again it might be my mistake but I did not read this situation out of
the post.
To be fair to you, it isn't your responsibility to try to infer
information about a situation that cannot reasonably be known: the OP
should make the circumstances clear. However, you cannot espouse
practicality and then go on to propose something that is clearly not
practical under a reasonable scenario.
Mike