RFC 6265, "HTTP State Management Mechanism", April 2011
Source of RFC: httpstate (app)
Errata-ID: 3663
Status: Held for Document Update
Type: Technical
Reported By: Dave Thaler
Date Reported: 2013-06-17
Held for Document Update by: Barry Leiba
Date Held for Document Update: 2013-08-07
Section 5.1.4 says:
A request-path path-matches a given cookie-path if at least one of
the following conditions holds:
o The cookie-path and the request-path are identical.
It should say:
A request-path path-matches a given cookie-path if at least one of
the following conditions holds:
o The cookie-path and the request-path are identical. Note that this
differs from the rules in RFC 3986 for equivalence of the path
component, and hence two equivalent paths can have different
cookies.
Notes:
The "identical" rule differs from the URI equivalence rule(s) in RFC 3986
sections 6.2 and 2.1 (e.g., "If two URIs differ only in the case of hexadecimal
digits used in percent-encoded octets, they are equivalent.") The fact that
equivalent URIs have different cookies arguably violates the principle of
least astonishment. To avoid significant confusion and prevent such surprise,
this fact should be noted so that it is at least not unexpected.
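
The behaviour this erratum describes, as an added example that is not part of the erratum or of RFC 6265: the Section 5.1.4 path-match compares strings as-is, so two paths that RFC 3986 treats as equivalent (differing only in the case of percent-encoded hex digits) select different cookies. The cookie names, paths and helper names are constructed for illustration.

```python
import re

_PCT = re.compile(r"%[0-9A-Fa-f]{2}")

def normalize_pct_case(path):
    """RFC 3986 6.2.2.1: uppercase the hex digits of percent-encoded octets."""
    return _PCT.sub(lambda m: m.group(0).upper(), path)

def rfc3986_equivalent(a, b):
    """True if the two paths differ at most in percent-encoding hex case."""
    return normalize_pct_case(a) == normalize_pct_case(b)

def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match: plain string comparison, no normalization."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix match counts only on a "/" boundary.
        if cookie_path.endswith("/"):
            return True
        if request_path[len(cookie_path)] == "/":
            return True
    return False

def cookies_for(request_path, jar):
    """Names of the cookies in jar whose cookie-path matches request_path."""
    return [name for name, cpath in jar if path_matches(request_path, cpath)]

def equivalent_but_unmatched(request_path, cookie_path):
    """Flag the surprising case: a match exists only after RFC 3986 normalization."""
    raw = path_matches(request_path, cookie_path)
    norm = path_matches(normalize_pct_case(request_path),
                        normalize_pct_case(cookie_path))
    return norm and not raw

# Constructed cookie store: (name, cookie-path)
JAR = [("sid", "/app/%7euser"), ("pref", "/app")]

if __name__ == "__main__":
    for req in ("/app/%7euser", "/app/%7Euser"):
        print(req, "->", cookies_for(req, JAR))
```

A server or test suite can run equivalent_but_unmatched over its own Path attributes and request paths to find places where a proxy or client that rewrites percent-encoding case would cause a cookie to be dropped.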
