SP cookie bloat

Paul Henson henson at signet.id
Mon Oct 24 20:00:41 UTC 2022

> Date: Mon, 24 Oct 2022 12:53:34 +0000 From: "Cantor, Scott via users"
> <users at shibboleth.net>
> I looked at the code again, and to the extent that you can count on
> the order at all (that's a common thing but it's not required by the
> RFC)

It's a "should" not a "must" <shrug>:


"The user agent SHOULD sort the cookie-list in the following order:
Among cookies that have equal-length path fields, cookies with
earlier creation-times are listed before cookies with later

> the code is doing what I thought it did. It walks the list in
> reverse counting up to 20

Ah, my bad, sorry; I missed the fact that the list was iterated over in 

Signet - The Art of Access

More information about the users mailing list