Session header timeout field must be stripped when serializing to a Request

sdroege / rtsp-types

RTSP (RFC 7826) types and parsers/serializers

MIT License

25 stars 14 forks source link

Session header timeout field must be stripped when serializing to a Request #24

Open nirbheek opened 10 months ago

nirbheek commented 10 months ago

It is not obvious that you cannot store the Session you get in a SETUP response and use it as-is in future requests, because you have to set the timeout field to None, otherwise you are not spec-compliant.

Live555 for instance will parse Session: TOKEN;timeout=65 in a request as TOKEN;timeout=65 being the session token.

The abstractions don't allow for different header serializations when building Requests vs Responses, so this is non-trivial to fix.

sdroege commented 10 months ago

Live555 for instance will parse Session: TOKEN;timeout=65 in a request as TOKEN;timeout=65 being the session token.

That's of course a bug in live555 but we should probably do better :)

Independent of request or response, the grammar for the header is:

RTSP 1:

 Session  = "Session" ":" session-id [ ";" "timeout" "=" delta-seconds ]

RTSP 2:

   Session          =  "Session" HCOLON session-id
                       [ SEMI "timeout" EQUAL delta-seconds ]

nirbheek commented 10 months ago

Yeah the grammar says that but the spec also says:

RTSP 1:

The timeout parameter is only allowed in a response header

RTSP 2:

The timeout parameter of the Session header (Section 18.49) MAY be included in a SETUP response and MUST NOT be included in requests.