URL: https://errata.rfc-editor.org/eid3430/

Erratum 3430 - RFC 6265


RFC 6265, "HTTP State Management Mechanism", April 2011

Source of RFC: httpstate (app)

Errata-ID: 3430

Status: Rejected
Type: Technical
Reported By: Zhong Yu
Date Reported: 2012-12-13
Rejected by: Barry Leiba
Date Rejected: 2012-12-17

Section 4.1.1 says:

 max-age-av = "Max-Age=" non-zero-digit *DIGIT
 ; In practice, both expires-av and max-age-av
 ; are limited to dates representable by the
 ; user agent.
 non-zero-digit = %x31-39
 ; digits 1 through 9

It should say:

 max-age-av = "Max-Age=" 1*DIGIT
 ; In practice, both expires-av and max-age-av
 ; are limited to dates representable by the
 ; user agent.

Notes:

The current text forbids a server to send Max-Age=0.
 --VERIFIER NOTES-- 
That is correct. As noted in the introduction, what servers should do and what clients should do are not the same. The ABNF in Section 4 limits the server intentionally, to maximize compatibility with deployed clients. See this text in the Introduction:

 To maximize interoperability with user agents, servers SHOULD limit
 themselves to the well-behaved profile defined in Section 4 when
 generating cookies.

 User agents MUST implement the more liberal processing rules defined
 in Section 5, in order to maximize interoperability with existing
 servers that do not conform to the well-behaved profile defined in
 Section 4.
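An added example (not part of the erratum or of RFC 6265) contrasting the two profiles discussed above: it checks each Max-Age value in a Set-Cookie header against the Section 4.1.1 server grammar and the erratum's proposed grammar, and shows how a user agent applying the Section 5.2.2 parsing rule of RFC 6265 treats the same value. The function names and sample headers are constructed for illustration, and treating a bare "-" as ignored is an assumption.

```python
import re

DIGITS = "0123456789"
# Section 4.1.1 server profile quoted above: non-zero-digit *DIGIT
SECTION_4 = re.compile(r"[1-9][0-9]*")
# Grammar proposed by the rejected erratum: 1*DIGIT
PROPOSED = re.compile(r"[0-9]+")


def user_agent_max_age(value):
    """RFC 6265 Section 5.2.2 handling of a Max-Age attribute-value.

    Returns None if the attribute is ignored, "expire-now" if
    delta-seconds <= 0, otherwise delta-seconds as an int.
    """
    if not value or value[0] not in DIGITS + "-":
        return None
    if any(ch not in DIGITS for ch in value[1:]):
        return None
    if value == "-":  # assumption: a bare "-" has no integer value
        return None
    delta = int(value)
    return "expire-now" if delta <= 0 else delta


def check_set_cookie(header_value):
    """Report on every Max-Age attribute in one Set-Cookie header value."""
    reports = []
    for av in header_value.split(";")[1:]:  # skip the name=value pair
        name, _, value = av.partition("=")
        if name.strip().lower() != "max-age":
            continue
        value = value.strip()
        reports.append({
            "value": value,
            "section_4_conformant": SECTION_4.fullmatch(value) is not None,
            "erratum_grammar": PROPOSED.fullmatch(value) is not None,
            "user_agent_result": user_agent_max_age(value),
        })
    return reports


# Constructed sample headers, not taken from any real server.
SAMPLES = [
    "sid=abc; Max-Age=3600; Secure; HttpOnly",
    "sid=; Max-Age=0; Path=/",
    "sid=; Max-Age=-1",
    "sid=abc; Max-Age=1h",
]
```

`Max-Age=0` is the case the erratum is about: it fails the Section 4 server grammar, would pass the proposed one, and a user agent still accepts it and expires the cookie.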