draft-ietf-httpbis-rfc6265bis-06.txt		draft-ietf-httpbis-rfc6265bis-latest.txt
	HTTP Working Group M. West, Ed.		HTTP Working Group M. West, Ed.
	Internet-Draft Google, Inc		Internet-Draft Google, Inc
	Obsoletes: 6265 (if approved) J. Wilander, Ed.		Obsoletes: 6265 (if approved) J. Wilander, Ed.
	Intended status: Standards Track Apple, Inc		Intended status: Standards Track Apple, Inc
	Expires: October 22, 2020 April 20, 2020		Expires: January 13, 2021 July 12, 2020
	Cookies: HTTP State Management Mechanism		Cookies: HTTP State Management Mechanism
	draft-ietf-httpbis-rfc6265bis-06		draft-ietf-httpbis-rfc6265bis-latest
	Abstract		Abstract
	This document defines the HTTP Cookie and Set-Cookie header fields.		This document defines the HTTP Cookie and Set-Cookie header fields.
	These header fields can be used by HTTP servers to store state		These header fields can be used by HTTP servers to store state
	(called cookies) at HTTP user agents, letting the servers maintain a		(called cookies) at HTTP user agents, letting the servers maintain a
	stateful session over the mostly stateless HTTP protocol. Although		stateful session over the mostly stateless HTTP protocol. Although
	cookies have many historical infelicities that degrade their security		cookies have many historical infelicities that degrade their security
	and privacy, the Cookie and Set-Cookie header fields are widely used		and privacy, the Cookie and Set-Cookie header fields are widely used
	on the Internet. This document obsoletes RFC 6265.		on the Internet. This document obsoletes RFC 6265.
	skipping to change at page 1, line 47 ¶		skipping to change at page 1, line 47 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on October 22, 2020.		This Internet-Draft will expire on January 13, 2021.
	Copyright Notice		Copyright Notice
	Copyright (c) 2020 IETF Trust and the persons identified as the		Copyright (c) 2020 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of		(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 10, line 5 ¶		skipping to change at page 10, line 5 ¶
	server to the user agent.		server to the user agent.
	4.1.1. Syntax		4.1.1. Syntax
	Informally, the Set-Cookie response header contains the header name		Informally, the Set-Cookie response header contains the header name
	"Set-Cookie" followed by a ":" and a cookie. Each cookie begins with		"Set-Cookie" followed by a ":" and a cookie. Each cookie begins with
	a name-value-pair, followed by zero or more attribute-value pairs.		a name-value-pair, followed by zero or more attribute-value pairs.
	Servers SHOULD NOT send Set-Cookie headers that fail to conform to		Servers SHOULD NOT send Set-Cookie headers that fail to conform to
	the following grammar:		the following grammar:
	set-cookie-header = "Set-Cookie:" SP BWS set-cookie-string		set-cookie-header = "Set-Cookie:" SP BWS set-cookie-string
	set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av )		set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av )
	cookie-pair = cookie-name BWS "=" BWS cookie-value		cookie-pair = cookie-name BWS "=" BWS cookie-value
	cookie-name = 1*cookie-octet		cookie-name = 1*cookie-octet
	cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )		cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
	cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E / %x80-FF		cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
	; US-ASCII characters excluding CTLs,		/ %x80-FF
	; whitespace DQUOTE, comma, semicolon,		; octets excluding CTLs,
	; and backslash		; whitespace DQUOTE, comma, semicolon,
			; and backslash
	cookie-av = expires-av / max-age-av / domain-av /		cookie-av = expires-av / max-age-av / domain-av /
	path-av / secure-av / httponly-av /		path-av / secure-av / httponly-av /
	samesite-av / extension-av		samesite-av / extension-av
	expires-av = "Expires" BWS "=" BWS sane-cookie-date		expires-av = "Expires" BWS "=" BWS sane-cookie-date
	sane-cookie-date =		sane-cookie-date =
	<IMF-fixdate, defined in [RFC7231], Section 7.1.1.1>		<IMF-fixdate, defined in [RFC7231], Section 7.1.1.1>
	max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT		max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT
	; In practice, both expires-av and max-age-av		; In practice, both expires-av and max-age-av
	; are limited to dates representable by the		; are limited to dates representable by the
	; user agent.		; user agent.
	non-zero-digit = %x31-39		non-zero-digit = %x31-39
	; digits 1 through 9		; digits 1 through 9
	domain-av = "Domain" BWS "=" BWS domain-value		domain-av = "Domain" BWS "=" BWS domain-value
	domain-value = <subdomain>		domain-value = <subdomain>
	; defined in [RFC1034], Section 3.5, as		; defined in [RFC1034], Section 3.5, as
	; enhanced by [RFC1123], Section 2.1		; enhanced by [RFC1123], Section 2.1
	path-av = "Path" BWS "=" BWS path-value		path-av = "Path" BWS "=" BWS path-value
	path-value = *av-octet		path-value = *av-octet
	secure-av = "Secure"		secure-av = "Secure"
	httponly-av = "HttpOnly"		httponly-av = "HttpOnly"
	samesite-av = "SameSite" BWS "=" BWS samesite-value		samesite-av = "SameSite" BWS "=" BWS samesite-value
	samesite-value = "Strict" / "Lax" / "None"		samesite-value = "Strict" / "Lax" / "None"
	extension-av = *av-octet		extension-av = *av-octet
	av-octet = %x20-3A / %x3C-7E		av-octet = %x20-3A / %x3C-7E
	; any CHAR except CTLs or ";"		; any CHAR except CTLs or ";"
	Note that some of the grammatical terms above reference documents		Note that some of the grammatical terms above reference documents
	that use different grammatical notations than this document (which		that use different grammatical notations than this document (which
	uses ABNF from [RFC5234]).		uses ABNF from [RFC5234]).
	The semantics of the cookie-value are not defined by this document.		The semantics of the cookie-value are not defined by this document.
	To maximize compatibility with user agents, servers that wish to		To maximize compatibility with user agents, servers that wish to
	store arbitrary data in a cookie-value SHOULD encode that data, for		store arbitrary data in a cookie-value SHOULD encode that data, for
	example, using Base64 [RFC4648].		example, using Base64 [RFC4648].
	skipping to change at page 45, line 12 ¶		skipping to change at page 45, line 12 ¶
	of [RFC8126]). The attribute to be registered MUST match the		of [RFC8126]). The attribute to be registered MUST match the
	"extension-av" syntax defined in Section 4.1.1. Note that attribute		"extension-av" syntax defined in Section 4.1.1. Note that attribute
	names are generally defined in CamelCase, but technically accepted		names are generally defined in CamelCase, but technically accepted
	case-insensitively.		case-insensitively.
	9.3.2. Registration		9.3.2. Registration
	The "Cookie Attribute Registry" will be updated with the		The "Cookie Attribute Registry" will be updated with the
	registrations below:		registrations below:
	+----------+----------------------------------------+		+----------+----------------------------------+
	| Name | Reference |		| Name | Reference |
	+----------+----------------------------------------+		+----------+----------------------------------+
	| Domain | Section 4.1.2.3 of this document |		| Domain | Section 4.1.2.3 of this document |
	| Expires | Section 4.1.2.1 of this document |		| Expires | Section 4.1.2.1 of this document |
	| HttpOnly | {{attribute-httponly} of this document |		| HttpOnly | Section 4.1.2.6 of this document |
	| Max-Age | {{attribute-max-age} of this document |		| Max-Age | Section 4.1.2.2 of this document |
	| Path | {{attribute-path} of this document |		| Path | Section 4.1.2.4 of this document |
	| SameSite | {{attribute-samesite} of this document |		| SameSite | Section 4.1.2.7 of this document |
	| Secure | {{attribute-secure} of this document |		| Secure | Section 4.1.2.5 of this document |
	+----------+----------------------------------------+		+----------+----------------------------------+
	10. References		10. References
	10.1. Normative References		10.1. Normative References
	[FETCH] van Kesteren, A., "Fetch", n.d.,		[FETCH] van Kesteren, A., "Fetch", n.d.,
	<https://fetch.spec.whatwg.org/>.		<https://fetch.spec.whatwg.org/>.
	[HTML] Hickson, I., Pieters, S., van Kesteren, A., Jaegenstedt,		[HTML] Hickson, I., Pieters, S., van Kesteren, A., Jaegenstedt,
	P., and D. Denicola, "HTML", n.d.,		P., and D. Denicola, "HTML", n.d.,
End of changes. 6 change blocks.
	48 lines changed or deleted		49 lines changed or added
This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/