The Version attribute is obsolete (see RFC 6265)

[sstrollo]

Hi

The "Version=" attribute in the set-cookie header is obsolete (and may even confuse some newer user agents). I propose removing it, as attached.

Cheers,

/Sebastian

[essen]

Well, does it confuse newer user agents? It was obsolete when the lib was written, but that's not necessarily a problem.

[essen]

Also any revision to the cookie parsing/building code should wait for the final version of rfc6265bis.

[sstrollo]

Okay. I can't find any reference that says the "Set-Cookie" header should include a "Version" attribute, I would argue the code is (and has been) wrong all along :) Plenty of references that don't refer to "Version", apart from rfc 6265, https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie. For parsing, IMO, you should just ignore unknown attributes (such as version).

[essen]

It's an old remnant from when there was implementations of Set-Cookie2.

Cookie building and parsing is very detailed in rfc6265bis and I have helped iron out a few edge cases in the draft. Gun runs the same test suites browsers do. It's only a matter of time until it gets released and we can do the final bit of work around that.

[sstrollo]

Fair enough. Let me look into what the problem actually was (I just heard it from one of my front-end colleagues, something about "hmm .. cookie ... version .. chrome..." :) and thought I might as well remove the Version).

Thanks,

/Sebastian

[essen]

The most recent draft is https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09

I will do a revision based on this draft before releasing Gun 2.0.

[essen]

Great so the WPT tests no longer have the http-state tests (they were ported to WPT proper) so properly testing cookies again will require some extra work.

[essen]

FYI I have figured out the path forward earlier this week. So now it's just a grind to convert the tests.

[essen]

Merged, thanks!

The cookie test suite work was completed as well.