SP cookie bloat
Paul Henson
henson at signet.id
Mon Oct 24 20:00:41 UTC 2022
> Date: Mon, 24 Oct 2022 12:53:34 +0000 From: "Cantor, Scott via users"
> <users at shibboleth.net>
>
> I looked at the code again, and to the extent that you can count on
> the order at all (that's a common thing but it's not required by the
> RFC)
It's a "should" not a "must" <shrug>:
https://www.rfc-editor.org/rfc/rfc6265
"The user agent SHOULD sort the cookie-list in the following order:
[...]
Among cookies that have equal-length path fields, cookies with
earlier creation-times are listed before cookies with later
creation-times."
> the code is doing what I thought it did. It walks the list in
> reverse counting up to 20
Ah, my bad, sorry; I missed the fact that the list was iterated over in
reverse.
--
Signet - The Art of Access
https://www.signet.id/
More information about the users
mailing list